Link to home
Start Free TrialLog in
Avatar of itinside
itinside

asked on

What should my SPF record look like?

I have an Exchange 2003 Server setup that has a public IP address of:  1.1.1.1
Its primary MX record goes to a spam filtering service (public IP: 2.2.2.2) which then forwards the filtered email to the Exchange server on 1.1.1.1  (no MX record is setup for 1.1.1.1)

When the Exchange server sends emails, it goes through the same company that does the spam service (setup as a Smart Host) but it goes through the IP:2.2.2.3 (on the same subnet as the MX record)

How should my SPF be setup? I have read: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx
but am confused about the outbound settings.

The problem I have is that I am getting bounced back messages when sending to Hotmail.com  (this started only a few days ago, and not changes have been made)
Avatar of grblades
grblades
Flag of United Kingdom of Great Britain and Northern Ireland image

So all email being sent will be sent by your IP address 1.1.1.1 to the spam filtering server and it will then send the email on from the IP address 2.2.2.3.

In that case your SPF record should be :-
"v=spf1 ip4:1.1.1.1 ip4:2.2.2.3 ~all"
Basically this is saying that only 1.1.1.1 and 2.2.2.3 are permitted to send email which has a from address in your email domain.
Avatar of Felix Grushevsky
I don't think you need 1.1.1.1 in your SPF record because mail is not going to recipients from 1.1.1.1, but only from 2.2.2.3
"v=spf1 ip4:2.2.2.3 -all"
also, if you don't want "soft fail" version of SPF then you will want "-all" instead of "~all"
ASKER CERTIFIED SOLUTION
Avatar of grblades
grblades
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of nvtech
nvtech

It depends on if the spam filter you're routing your mail through is doing SPF checking.  If it is, then put both IP's in your SPF record, if not then just the Spam filters IP should be there.  

You can also use this site for some help. http://www.openspf.org/