mchad65
Proper formatting for DNS SPF record
We have been getting a fair amount of NDRs from emails that were clearly not sent by our users, yet have our users' email addresses as the return to value. I suspect it could be due to improper formatting of the SPF entry in our DNS zone. Below is the line. Is it correct?
Note: we have three servers that send mail. Our primary exchange server "exchangeserver" and two application servers that send emails to our clients "mailapplicationserver1 and 2"
Our SPF record:
;;ourdomain.com. 3600 IN TXT "v=spf1 mx ptr a:exchangeserver.ourdomain.com a:mailapplicationserver1.ourdomain.com a:mailapplicationserver2.ourdomain.com ~all"
The only part you may consider changing is ~all to -all. That switches you from soft-fail to hard-fail (reject completely rather than tag).
I doubt it will make a difference really but there's little harm in it.
Chris
ASKER
What is meant by "tag", and is there any risk at all in changing to hard-fail?
Thanks
Tag it so it has more chance of being binned as Spam. The risk with hard-fail only appears if you forgot to add a server or two to your SPF record.
Chris
ASKER
Perfect. Thank you!
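An offline lint for the record discussed in this thread, as an added example that is not part of the original posts: it counts the DNS-querying terms against the RFC 7208 limit of 10, reports what the `all` qualifier does to unlisted senders, and flags tokens that are not SPF terms. The name `lint_spf` and the record with a stray space are constructed for illustration.

```python
import re

# Mechanisms that each cost one DNS query; RFC 7208 caps the total at 10.
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
OTHER_MECHS = {"all", "ip4", "ip6"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lint_spf(record):
    """Lint one SPF TXT string offline; returns (findings, lookups, all_result)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must begin with v=spf1"], 0, None
    findings, lookups, all_result = [], 0, None
    for term in terms[1:]:
        if all_result is not None:
            findings.append(f"'{term}' comes after 'all' and is never evaluated")
            continue
        qual, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if re.match(r"(?i)(redirect|exp)=", body):  # modifiers, not mechanisms
            lookups += 1 if body.lower().startswith("redirect=") else 0
            continue
        name = re.split(r"[:/]", body, maxsplit=1)[0].lower()
        if name in LOOKUP_MECHS:
            lookups += 1
            if name == "ptr":
                findings.append("ptr is discouraged by RFC 7208 (slow, unreliable)")
        elif name == "all":
            all_result = QUALIFIERS[qual]
            if qual != "-":
                findings.append(f"'{term}' gives {all_result}, not fail, for unlisted senders")
        elif name not in OTHER_MECHS:
            findings.append(f"unknown term '{term}' (stray space inside a hostname?)")
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms exceed the limit of 10")
    return findings, lookups, all_result

# The record from the question, rebuilt from its three sending hosts.
HOSTS = ["exchangeserver", "mailapplicationserver1", "mailapplicationserver2"]
PAGE_RECORD = "v=spf1 mx ptr " + " ".join(f"a:{h}.ourdomain.com" for h in HOSTS) + " ~all"
# Constructed sample: the same record with a stray space inside one hostname.
BROKEN_RECORD = PAGE_RECORD.replace("ourdomain.com a:mailapp", "ourdomain .com a:mailapp", 1)

if __name__ == "__main__":
    for rec in (PAGE_RECORD, PAGE_RECORD.replace("~all", "-all"), BROKEN_RECORD):
        findings, lookups, all_result = lint_spf(rec)
        print(f"{lookups} lookups, all -> {all_result}")
        for finding in findings:
            print("  -", finding)
```

The lint only checks syntax and policy strength; whether every sending server is actually covered still has to be confirmed against the hosts that send mail for the domain before moving to `-all`.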