SPF email record

speeder503 used Ask the Experts™
Hello Experts,
Our company has recently migrated email servers and we need to verify our SPF records are correct.  Its a simple environment with an exchange box sitting behind a barracuda spam firewall.  Here is what we have: (ive changed the info a bit to protect privacy)

mx record: mx01.somecompany.com
internal exchange server: mx01.eh.local
send connector on exchange: mx01.somecompany.com
receive connector on exchange: mx01.somecompany.com
barracuda spam filter (we run outbound messages through it): ehba-001.somecompany.com

our current spf record:
v=spf1 mx ptr ip4:[] mx:mx01.somecompany.com -all

Here is a bounce back message from a hotmail account:

X-ASG-Debug-ID: 1299333332-03ca88770711720001-lEgx0r
Received: from mx01.somecompany.com (mx01.eh.local []) by
 EHBA-001.somecompany.com with ESMTP id xmFdy9k5s7XQ6JLj for
 <someemailaddr@hotmail.com>; Sat, 05 Mar 2011 07:55:36 -0600 (CST)
X-Barracuda-Envelope-From: sender@somecompany.com
Received: from MX01.eh.local ([fe80::7d84:be4a:4192:9c1]) by
 mx01.eh.local ([fe80::7d84:be4a:4192:9c1%18]) with mapi id
 14.01.0270.001; Sat, 5 Mar 2011 07:53:55 -0600

Do we need to add the barracuda (ehba-001.somecompany.com) to the spf record? Or our internal exchange server (mx01.eh.local)?  

Thanks for your help!!

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2011
All that is needed in your SPF record is your sending IP Address.

You can check your SPF record is valid on the following site:


And work out what to put in your SPF record here:

Alan HardistyCo-Owner
Top Expert 2011

If your current SPF record is:

v=spf1 mx ptr ip4:[] mx:mx01.somecompany.com -all

Then you need to remove the square brackets from around the IP Address so it looks like this:

v=spf1 mx ptr ip4: mx:mx01.somecompany.com -all
Daniel McAllisterPresident, IT4SOHO, LLC

In answer to the question, to TEST your SPF record, you have many options:

1) If you have a Linux system, use the command (part of bind/named)
dig txt domain.com
 -- or, if you're using a newer DNS server, try --
dig spf domain.com
In either case, your SPF record will be in the response

2) If you want a web-based test, try here
Good Luck!



Thanks for the suggestions:
I've modified the spf record to read: v=spf1 mx ptr ip4:myaddr -all  and it passes on kitterman.com's website.  However I still receive a 550 sc-002 message from hotmail.

Im concerned by the following header received by hotmail:

Received: from mx01.somecompany.com (mx01.eh.local []) by

Are we sure I do not need to add the ip address of EHBA-001.somecompany.com to the spf record?
Alan HardistyCo-Owner
Top Expert 2011

Is EHBA-001.somecompany.com the internal FQDN of your Exchange Server?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial