
I need to create an SPF record for our Domain. Have some questions

Last Modified: 2010-04-20
We are running a mix of Exchange 2003 and Exchange 2007. Right now, I have four SMTP servers sending email to the Internet. Two 2003 and two 2007. They all have proper reverse lookups in DNS. We host our own DNS. I have been reading up on SPF records and I know we don't have any defined for our Domain. Is this something that others are doing, and what are the downfalls if any? I am guessing I just put these records on our Public DNS servers. Has anyone else done this and not had a problem with mail flow? I am concerned that I might disrupt mail flow. Are there any good articles on how to do this in a typical Exchange environment?

Author

Commented:
Thanks for that input. Let me ask this. If the receiving server has implemented SPF checking and the sender has not implemented SPF records, what happens to the email? In the absence of an SPF record of any kind on the sender side, does it just stop the checking? I can't imagine it will block anything because like stated, a lot of servers don't have SPF records.
tigermatt, Site Reliability Engineer

Commented:
If the receiving server is configured correctly and has implemented SPF, then it will check the SPF records. If an SPF record exists for your domain, then it will cross-check all the information to ensure it is accurate before the message is accepted.

Without an SPF implementation for a particular mail domain, the message must still be accepted. Take up of SPF on sending email domains is not enough at this stage for mail servers to reject mail where the sending domain has no SPF.

-tigermatt

Author

Commented:
OK, so what I get from all this is if you are going to do SPF, then you need to do it right and be accurate or you could have problems. Otherwise, don't do it at all. I just need to find every server in my network that sends email and make sure it's listed in the SPF records. Seems to me that if we decided to do SPF checking ourselves, that could also lead to problems because companies that are sending to us may try to SPF, but do it incorrectly, such as not including all SMTP server IP addresses, and we would reject their emails.
tigermatt, Site Reliability Engineer

Commented:
Yes, if you implement SPF then you need to get things right. You also need to remember that it is the PUBLIC names and IPs that you need to register on the SPF record, not the internal names or IP addresses.

If you start checking SPF, then companies should have already sorted out their records and got things running. It's their problem if you start rejecting their mail - they will soon receive NDR messages galore and will have to do something about it. Without checking SPF records, your server will just be another one out of the hundreds out there which isn't supporting this new standard.

-tigermatt
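
Added example, not part of the thread and not code from any poster: a simplified sketch of the receiver-side SPF check discussed in the two answers above, showing the outcome for a listed public IP, for an outbound server left out of the record, and for a domain with no SPF record. The domains, documentation-range addresses, TXT records and the `accept` policy are constructed assumptions; only the `ip4`, `ip6` and `all` mechanisms are handled, and no DNS is queried.

```python
import ipaddress

# Constructed sample data: domains, addresses (RFC 5737 documentation ranges)
# and TXT records are placeholders, not values from the thread.
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.11 ip4:198.51.100.0/29 -all",
    "example.net": "v=spf1 ip4:203.0.113.5 ~all",
    # example.org publishes no SPF record at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, sender_ip, records=TXT_RECORDS):
    """Evaluate ip4/ip6/all mechanisms left to right; the first match decides."""
    record = records.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"          # no SPF published: nothing to check against
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"        # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # a, mx, include, exists, redirect need DNS lookups; out of scope here
            raise NotImplementedError(term)
    return "neutral"           # record ended without any mechanism matching


def accept(result):
    """Hypothetical receiver policy: reject only on an explicit fail."""
    return result != "fail"


if __name__ == "__main__":
    for dom, ip in [("example.com", "192.0.2.10"), ("example.com", "198.51.100.9"),
                    ("example.net", "203.0.113.99"), ("example.org", "203.0.113.99")]:
        res = spf_result(dom, ip)
        print(dom, ip, res, "accept" if accept(res) else "reject")
```

The second sample case is the mail-flow risk raised in the thread: a sending server whose public IP is missing from a `-all` record evaluates to `fail`, while the same omission under `~all` only yields `softfail`.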

Author

Commented:
OK, thanks for all this info. The reason I bring this up is we use Barracuda network appliances to accept all inbound email and there is a setting for SPF checking. The recommended default from Barracuda is to leave it off because it loads down the appliance doing all the checking on every email.