• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 971
  • Last Modified:

SPF REcord Creation

Where do I create it?  Do I create it?  At the mail server itself?  My ISP?  WHo?  I called interland (now web.com) and they said call our provider verizon.  Verizon says to call them.

We have the email name hosted with network solutions, pointing to interland's (web.com) DNS servers which direct the mail to OUR in house server.  The mail also of course originates FROM our in house  server.

It is w2k3 server enterprise with symatec premium antispam.  Symantec said we need to create and SPF record at:


But I don't know WHERE to put it, what to put in and if it will screw up our mail??

here is another link for windows machines:

1 Solution
The SPF record has to be set on the authoritative DNS servers for your domain (interland)
Use the wizard to generate the record.
Read more on the subject: http://en.wikipedia.org/wiki/Sender_Policy_Framework
SPF records aren't worth the time it takes to try and configure them.
Their deployment level is so low that they cannot be used for any kind of effective spam detection other than scoring.

Do you actually know what an SPF record does? It will not do anything to change the amount of spam that you receive. The idea of an SPF record is to stop spammers from spoofing your domain for other people.

SPF does allow you to add a layer of protection when spammers try to fool your own mailserver when sending mail to you using your own domain as the from address.

That is actually the only added value from an anti-spam point of view... but then again there were already 10 other ways to implement this trick.

I agree with Simon that the deployment level is too low to trust that the Sender Proof Framework will actually lower the amount of spam that will end up in your Inbox.

Raymond Zwarts
Sp0ckyAuthor Commented:
Thanks experts.

"The SPF record has to be set on the authoritative DNS servers for your domain (interland)
Use the wizard to generate the record."

Interland (web.com) kept us going back and forth with verizon for 5 hours.  Then they said outright "no" we will not do it.  They have no clue.

"Sender Proof Framework "  hmm.. I did not know that was the full name.  thanks.

If I do decide to create this entry...I want to be sure how to do it.  So our server is lets say mail.xyz.com.  our domain is xyz.com.  xyz.com is a separate website and mail.xyz.com is the mail server...so which one do I enter for the link
http://old.openspf.org/wizard.html ?

Paste this into your zone file:

xyz.com. IN TXT "v=spf1 a mx -all"

if you want to soft-fail (just record forgery) change -all to ~all  (tilde instead of dash).


Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now