Need help setting up SPF Record

We are trying to setup an SPF using the Microsoft SPF Record Wizard website. I am a little confused on what IP addresses and or name I should use. Hopefully I can explain this without making things even more confusing.

We have a couple of different domain names that we can receive email with. The two below are good examples.

Using the wizard to lookup the SPF
No MX record found
A Record
A Record
MX Record

My domain name uses the .us and not the .aero— is displayed in AD . When I use the SPF wizard it doesn’t find an MX record for the .us but only for the .aero. It does find an A record for both. If I type in the IP address of the A Record its takes us to the site that we registered our domain name with.  The MX record for the .aero points directly to our static exchange IP address.

We are using Server 2003, and Exchange 2003. The Exchange server is for both outbound and inbound mail.

I would have used the .aero address however, anytime we recieve a response back that an email wasnt delivered it has in the message < #5.4.0>.

Any help with would be appreciated.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Did you try putting in the info into the SPF Wizard by hand, rather than let it pick?  If you know all your mail server addresses, you should still be able to use the wizard but manually input your IP or server names.  Then just take the resulting txt and add the TXT record in DNS.
Hypercat (Deb)Commented:
It looks like the public name of your mail server is, not  By your description, what I'm guessing is that is your internal (AD) domain name and is your publicly registered domain name.You can confirm this by going to and running DNSreports against your domain using the .aero domain.  That would be the name that you need to use in your SPF setup.  
stevensimsAuthor Commented:
I went to DNSstuff and did the DNSreport. One section did fail when I ran that test.

NS section
All nameservers respond Failed
ERROR: Some of your nameservers listed at the parent nameservers did not respond. The ones that did not respond are:
Note: If you are running a Watchguard Firebox with DNS Proxy enabled, there may be a bug causing port numbers get mixed up -- if this is the case, you can contact Watchguard to see if they have a fix.

In the MX section everything passed and had the with our exchange static IP address listed.

In Mail section we had two warnings. One was no SPF and the other was a Mail server host name greeting— claims to be non-existent host (This of course is actually the correct name for our email server.)

I went to the SPF setup website (not Microsoft) and it has our domain name .aero assigned to an external IP address --which is the site we have our website through.

The has to be a public domain name, however is also assigned that same external IP address. Please correct me if I am wrong, I am assuming a user sends an email to myself it would first go to the (Public) and then it would find that domain registered to It would then send the email to our internal domain of (our exchange external IP)..Is that somewhat correct?

In setting up the SPF will I need both the external public IP address and our Exchange IP address?
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Hypercat (Deb)Commented:
Your internal AD domain name is irrelevant in this scenario. If your statement that " is also assigned to that public IP address" is in fact correct, then you might need to fix this.  Unless "" is a publicly registered domain name, there should NOT be a public DNS record resolving to that IP address.  

As far as email, the public MX record points to  The MX record is the only DNS record that affects where your email goes.  The warning you saw in the dnsreport referring to the mail server host name greeting is appearing because your mail server is misconfigured.  You really should fix this. Although 99% of the time it doesn't cause any problems, with SPF I believe it will.  To fix it:

1. In the Exchange ESM, go to the properties of the SMTP virtual server.
2. Go to the Delivery tab and click the Advanced button.
3. In the Fully qualified domain name box, type:

You said that in AD, all your users have a email address, and this is where all of your external email is delivered. You need to make sure that this is also set as the default email address.  Again, unless is a publicly registered domain name that you want to use to receive email, you should eliminate the addresses entirely - remove them from your RUS - you really don't need them.  If you do want to use as a public email address, then you would have to set up a public MX record for that domain.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
stevensimsAuthor Commented:
Hi Hypercat,

I am not the original IT guy that set everything up, so I am not for sure why it is setup this way but we can receive emails with either .aero or .us. In active directory we have all of our users assigned with both (, If everything was setup with just the .aero i don’t think I would have had any problems. The .us was part of my confusion.
Hypercat (Deb)Commented:
Yeah, I can see why.  Unless I've misunderstood something or there's something out there in your configuration that you don't know about or haven't described, you really don't need those other addresses.  However, if you're at all unsure, you can leave them there.  As long as the addresses are set as the primary (default) addresses, then everything should work fine.  You can always check with your domain registry provider to see if the is actually registered if you don't know.

Looking again at your first post, I just noticed that it appears that there isn't any A record for the server name  Unless you left it out by mistake.  You need to have this A record in place to resolve the host name to your public IP address.  If you need to double-check this, do a lookup through DNSstuff for A and MX records for and see what you find.  You should see an A record for your public IP resolving to and an MX record pointing to
stevensimsAuthor Commented:
Yes it did have that: MX record   (Public Exchange IP address) A record         (Public IP address)

It seems like everything is setup correctly.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.