SPF email record

Hello Experts,
Our company has recently migrated email servers and we need to verify our SPF records are correct.  Its a simple environment with an exchange box sitting behind a barracuda spam firewall.  Here is what we have: (ive changed the info a bit to protect privacy)

mx record: mx01.somecompany.com
internal exchange server: mx01.eh.local
send connector on exchange: mx01.somecompany.com
receive connector on exchange: mx01.somecompany.com
barracuda spam filter (we run outbound messages through it): ehba-001.somecompany.com

our current spf record:
v=spf1 mx ptr ip4:[64.10.10.10] mx:mx01.somecompany.com -all


Here is a bounce back message from a hotmail account:

X-ASG-Debug-ID: 1299333332-03ca88770711720001-lEgx0r
Received: from mx01.somecompany.com (mx01.eh.local [10.20.8.3]) by
 EHBA-001.somecompany.com with ESMTP id xmFdy9k5s7XQ6JLj for
 <someemailaddr@hotmail.com>; Sat, 05 Mar 2011 07:55:36 -0600 (CST)
X-Barracuda-Envelope-From: sender@somecompany.com
Received: from MX01.eh.local ([fe80::7d84:be4a:4192:9c1]) by
 mx01.eh.local ([fe80::7d84:be4a:4192:9c1%18]) with mapi id
 14.01.0270.001; Sat, 5 Mar 2011 07:53:55 -0600


Do we need to add the barracuda (ehba-001.somecompany.com) to the spf record? Or our internal exchange server (mx01.eh.local)?  

Thanks for your help!!


speeder503Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
All that is needed in your SPF record is your sending IP Address.

You can check your SPF record is valid on the following site:

http://www.kitterman.com/spf/validate.html

And work out what to put in your SPF record here:

http://old.openspf.org/wizard.html
0
 
Alan HardistyCo-OwnerCommented:
If your current SPF record is:

v=spf1 mx ptr ip4:[64.10.10.10] mx:mx01.somecompany.com -all

Then you need to remove the square brackets from around the IP Address so it looks like this:

v=spf1 mx ptr ip4:64.10.10.10 mx:mx01.somecompany.com -all
0
 
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
In answer to the question, to TEST your SPF record, you have many options:

1) If you have a Linux system, use the command (part of bind/named)
dig txt domain.com
 -- or, if you're using a newer DNS server, try --
dig spf domain.com
In either case, your SPF record will be in the response

2) If you want a web-based test, try here
Good Luck!

Dan
IT4SOHO
0
 
speeder503Author Commented:
Thanks for the suggestions:
I've modified the spf record to read: v=spf1 mx ptr ip4:myaddr -all  and it passes on kitterman.com's website.  However I still receive a 550 sc-002 message from hotmail.

Im concerned by the following header received by hotmail:

Received: from mx01.somecompany.com (mx01.eh.local [10.20.8.3]) by
 EHBA-001.somecompany.com

Are we sure I do not need to add the ip address of EHBA-001.somecompany.com to the spf record?
0
 
Alan HardistyCo-OwnerCommented:
Is EHBA-001.somecompany.com the internal FQDN of your Exchange Server?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.