mchad65

asked on

Proper formatting for DNS SPF record

We have been getting a fair amount of NDRs from emails that were clearly not sent by our users, yet have our users' email addresses as the return to value. I suspect it could be due to improper formatting of the SPF entry in our DNS zone. Below is the line. Is it correct?

Note: we have three servers that send mail. Our primary Exchange server "exchangeserver" and two application servers that send emails to our clients "mailapplicationserver1 and 2".


Our SPF record:
;;ourdomain.com. 3600 IN TXT "v=spf1 mx ptr a:exchangeserver.ourdomain.com a:mailapplicationserver1.ourdomain.com a:mailapplicationserver2.ourdomain.com ~all"
ASKER CERTIFIED SOLUTION
Chris Dent
mchad65

ASKER

Thanks for the detailed response. We are still using 2003, so that's not an option at this time. I am willing to accept it as a fact of life on the internet, I just wanted to make sure the SPF was properly formatted. Sounds like it is (from other sources as well). So I am willing to live with it.

The only part you may consider changing is ~all to -all. That switches you from soft-fail to hard-fail (reject completely rather than tag).

I doubt it will make a difference really but there's little harm in it.

Chris
mchad65

ASKER

What is meant by "tag", and is there any risk at all in changing to hard-fail?

Thanks

Tag it so it has more chance of being binned as Spam. The risk with hard-fail only appears if you forgot to add a server or two to your SPF record.

Chris
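
The record from the question run through a small syntax linter, as an added example that is not part of the thread or any poster's code. The function name `lint_spf` and its checks are this example's own; the 10-lookup cap and the `ptr` caution are from RFC 7208, and the code makes no DNS queries.

```python
import re

# Constructed input: the TXT value quoted in the question, zone-file prefix removed.
RECORD = ("v=spf1 mx ptr a:exchangeserver.ourdomain.com "
          "a:mailapplicationserver1.ourdomain.com "
          "a:mailapplicationserver2.ourdomain.com ~all")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Mechanisms that cost DNS queries; RFC 7208 section 4.6.4 caps such terms at 10.
DNS_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
TERM_RE = re.compile(
    r"^([+\-~?]?)([a-z][a-z0-9_.-]*)(?:([:=])([^/\s]+))?((?:/{1,2}\d+){0,2})$", re.I)


def lint_spf(record):
    """Parse one SPF TXT value; return terms, default result, lookups, findings."""
    terms, findings, default, lookups = [], [], None, 0
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        findings.append("record does not start with v=spf1")
        tokens = []
    for tok in tokens[1:]:
        m = TERM_RE.match(tok)
        if m:
            qual, name, sep, arg = m.group(1), m.group(2).lower(), m.group(3), m.group(4)
        if not m or (sep == "=" and qual) or (sep != "=" and name not in MECHANISMS):
            findings.append(f"unrecognised term: {tok}")
            continue
        if sep == "=":  # modifier such as redirect= or exp=, has no qualifier
            terms.append((name, arg, None))
            lookups += name == "redirect"
            continue
        result = QUALIFIERS[qual or "+"]
        terms.append((name, arg, result))
        lookups += name in DNS_MECHANISMS
        if name == "ptr":
            findings.append("ptr is discouraged by RFC 7208 section 5.5")
        if name == "all" and default is None:
            default = result
    if tokens and default is None and not any(t[0] == "redirect" for t in terms):
        findings.append("no 'all' or redirect: unlisted senders get neutral")
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms, limit is 10")
    return {"terms": terms, "default": default, "lookups": lookups, "findings": findings}


if __name__ == "__main__":
    print(lint_spf(RECORD))
```

With `~all` the default for unlisted senders is `softfail`; replacing it with `-all` makes it `fail`. A syntax check like this cannot tell whether a legitimate sending server is missing from the record, so that still has to be confirmed by hand before switching.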
mchad65

ASKER

Perfect.  Thank you!