Need help setting up SPF Record

Posted on 2007-04-03
Last Modified: 2008-02-01
We are trying to setup an SPF using the Microsoft SPF Record Wizard website. I am a little confused on what IP addresses and or name I should use. Hopefully I can explain this without making things even more confusing.

We have a couple of different domain names that we can receive email with. The two below are good examples.

Using the wizard to lookup the SPF
No MX record found
A Record
A Record
MX Record

My domain name uses the .us and not the .aero— is displayed in AD . When I use the SPF wizard it doesn’t find an MX record for the .us but only for the .aero. It does find an A record for both. If I type in the IP address of the A Record its takes us to the site that we registered our domain name with.  The MX record for the .aero points directly to our static exchange IP address.

We are using Server 2003, and Exchange 2003. The Exchange server is for both outbound and inbound mail.

I would have used the .aero address however, anytime we recieve a response back that an email wasnt delivered it has in the message < #5.4.0>.

Any help with would be appreciated.
Question by:stevensims
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3

Expert Comment

ID: 18846138
Did you try putting in the info into the SPF Wizard by hand, rather than let it pick?  If you know all your mail server addresses, you should still be able to use the wizard but manually input your IP or server names.  Then just take the resulting txt and add the TXT record in DNS.
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18846157
It looks like the public name of your mail server is, not  By your description, what I'm guessing is that is your internal (AD) domain name and is your publicly registered domain name.You can confirm this by going to and running DNSreports against your domain using the .aero domain.  That would be the name that you need to use in your SPF setup.  

Author Comment

ID: 18846669
I went to DNSstuff and did the DNSreport. One section did fail when I ran that test.

NS section
All nameservers respond Failed
ERROR: Some of your nameservers listed at the parent nameservers did not respond. The ones that did not respond are:
Note: If you are running a Watchguard Firebox with DNS Proxy enabled, there may be a bug causing port numbers get mixed up -- if this is the case, you can contact Watchguard to see if they have a fix.

In the MX section everything passed and had the with our exchange static IP address listed.

In Mail section we had two warnings. One was no SPF and the other was a Mail server host name greeting— claims to be non-existent host (This of course is actually the correct name for our email server.)

I went to the SPF setup website (not Microsoft) and it has our domain name .aero assigned to an external IP address --which is the site we have our website through.

The has to be a public domain name, however is also assigned that same external IP address. Please correct me if I am wrong, I am assuming a user sends an email to myself it would first go to the (Public) and then it would find that domain registered to It would then send the email to our internal domain of (our exchange external IP)..Is that somewhat correct?

In setting up the SPF will I need both the external public IP address and our Exchange IP address?
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

LVL 38

Accepted Solution

Hypercat (Deb) earned 125 total points
ID: 18846759
Your internal AD domain name is irrelevant in this scenario. If your statement that " is also assigned to that public IP address" is in fact correct, then you might need to fix this.  Unless "" is a publicly registered domain name, there should NOT be a public DNS record resolving to that IP address.  

As far as email, the public MX record points to  The MX record is the only DNS record that affects where your email goes.  The warning you saw in the dnsreport referring to the mail server host name greeting is appearing because your mail server is misconfigured.  You really should fix this. Although 99% of the time it doesn't cause any problems, with SPF I believe it will.  To fix it:

1. In the Exchange ESM, go to the properties of the SMTP virtual server.
2. Go to the Delivery tab and click the Advanced button.
3. In the Fully qualified domain name box, type:

You said that in AD, all your users have a email address, and this is where all of your external email is delivered. You need to make sure that this is also set as the default email address.  Again, unless is a publicly registered domain name that you want to use to receive email, you should eliminate the addresses entirely - remove them from your RUS - you really don't need them.  If you do want to use as a public email address, then you would have to set up a public MX record for that domain.

Author Comment

ID: 18846900
Hi Hypercat,

I am not the original IT guy that set everything up, so I am not for sure why it is setup this way but we can receive emails with either .aero or .us. In active directory we have all of our users assigned with both (, If everything was setup with just the .aero i don’t think I would have had any problems. The .us was part of my confusion.
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 18846978
Yeah, I can see why.  Unless I've misunderstood something or there's something out there in your configuration that you don't know about or haven't described, you really don't need those other addresses.  However, if you're at all unsure, you can leave them there.  As long as the addresses are set as the primary (default) addresses, then everything should work fine.  You can always check with your domain registry provider to see if the is actually registered if you don't know.

Looking again at your first post, I just noticed that it appears that there isn't any A record for the server name  Unless you left it out by mistake.  You need to have this A record in place to resolve the host name to your public IP address.  If you need to double-check this, do a lookup through DNSstuff for A and MX records for and see what you find.  You should see an A record for your public IP resolving to and an MX record pointing to

Author Comment

ID: 18847127
Yes it did have that: MX record   (Public Exchange IP address) A record         (Public IP address)

It seems like everything is setup correctly.


Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question