We have been getting a fair amount of NDRs from emails that were clearly not sent by our users, yet have our users' email addresses as the return to value. I suspect it could be due to improper formatting of the SPF entry in our DNS zone. Below is the line. Is it correct?
Note: we have three servers that send mail: our primary Exchange server "exchangeserver" and two application servers that send emails to our clients, "mailapplicationserver1 and 2".

Our SPF record:

;;ourdomain.com. 3600 IN TXT "v=spf1 mx ptr a:exchangeserver.ourdomain.com a:mailapplicationserver1.ourdomain.com a:mailapplicationserver2.ourdomain.com ~all"
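
An added example, not part of the original post: a small Python linter run over the zone line quoted above. It flags a leading `;` (a comment in RFC 1035 zone-file syntax), use of `ptr` (RFC 7208 says it should not be used), and the `~all` softfail default, and counts terms against the 10-lookup limit. The function name and finding labels are hypothetical.

```python
import re

# Terms that cost a DNS query; RFC 7208 section 4.6.4 allows at most 10 per check.
LOOKUP_TERMS = {"a", "mx", "ptr", "include", "exists", "redirect"}

def lint_spf_zone_line(line):
    """Lint one zone-file line holding an SPF TXT record.

    Returns (findings, lookup_count). Finding names are hypothetical labels.
    """
    findings = []
    text = line.strip()
    if text.startswith(";"):
        # RFC 1035 master-file syntax: ';' begins a comment, so a line that
        # sits in the zone file like this publishes no record at all.
        findings.append("commented-out")
        text = text.lstrip(";").strip()
    match = re.search(r'\bTXT\s+"([^"]*)"', text)
    if not match:
        return findings + ["no-txt-string"], 0
    terms = match.group(1).split()
    if not terms or terms[0].lower() != "v=spf1":
        return findings + ["not-spf1"], 0
    lookups = 0
    for term in terms[1:]:
        # Drop the qualifier (+ - ~ ?) and any :domain, =value or /cidr suffix.
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr-discouraged")  # RFC 7208 section 5.5
    if lookups > 10:
        findings.append("too-many-lookups")
    default = terms[-1].lower()
    if default == "~all":
        findings.append("softfail-all")  # non-listed senders are not hard-failed
    elif default in ("all", "+all"):
        findings.append("pass-all")      # authorizes every sender
    elif default not in ("-all", "?all") and not default.startswith("redirect="):
        findings.append("no-all-at-end")
    return findings, lookups

# The record line exactly as quoted in the post above.
POSTED_LINE = (';;ourdomain.com. 3600 IN TXT "v=spf1 mx ptr '
               'a:exchangeserver.ourdomain.com a:mailapplicationserver1.ourdomain.com '
               'a:mailapplicationserver2.ourdomain.com ~all"')

if __name__ == "__main__":
    print(lint_spf_zone_line(POSTED_LINE))
```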