Is this enough for an SPF record?

Posted on 2011-05-06
Last Modified: 2012-05-11
I use mxlogic as my email washing service and as a SmartHost. From time to time, we get a fail on SPF lookups and a sent email gets rejected back to us. Our current record is
"v=spf1 +a +mx ~all", which, if I interpret this correctly, means:
- the sending server must have RPTR
- Be in the MX record
- soft fail otherwise.

and I want to change that to

"v=spf1  ~all" meaning:
-include as valid sender of email for said domain.

Is this right?

Found this article to be fairly clear, but I was hoping to get some real-world opinions on it before I hit "go".

Just in case it matters, Exchange 2010 is our server.
Question by:tsaico
    LVL 25

    Assisted Solution

    Your current SPF record will pass as long as the sending server has a host or MX record in your domain and will softfail otherwise.  Your proposed SPF record basically says to check's SPF record, and if the sending server passes there, it will pass (and once again, softfail otherwise).
    LVL 70

    Accepted Solution


    > -the sending server must have RPTR


    It means the sending server can match the A record attached to "" where "" is the zone the SPF record resides in.

    The sending server must match one or more of the terms in the SPF to pass the test.

    > -include as valid sender of email for said domain.

    It includes the SPF record of in your own. If there's no SPF it'll do nothing, or if the SPF record does not include the sending server it'll fail.

    At the moment they have these in their SPF:

    ip4: ip4: ip4:

    Using Include will effectively add all of those to your own SPF.

    Whether that's right or not depends on MXLogic, I assume they have documentation about this?

    LVL 9

    Author Comment

    They do have documentation, but it says "add mxlogic to the spf record, talk to your admin for more information", without providing much detail. I just want to make sure I understand how SPF works since this is my first entry. While this looks like it would work, I think I understand HOW SPF works and what these little tags and arguments mean.

    Thanks guys, since MX Logic is the only place my send connectors send to (smarthost), I will send this to my dns.
    LVL 70

    Expert Comment

    by:Chris Dent
    It does look right, and it does agree with their sparse documentation :)

    LVL 4

    Expert Comment

    Are you sending your outbound email through this service too?

    The SPF record is supposed to have the servers that are allowed to send email from your domain. If you send outbound email through it, then it must be in the SPF. If your Exchange Server delivers directly then it needs to be in the SPF like this: v=spf1 a:<> ~all
    If you send email out via the servers, then you'll likely need to use the same SPF that uses: v=spf1 ip4: ip4: ip4: ~all Or just v=spf1 ~all, this is really a question you need to ask, if they are responsible for your outbound email.
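
As an added example (not code from any poster in this thread), the Python sketch below evaluates the `a`, `mx`, `ip4`, `include` and `all` terms discussed above against a constructed DNS table, following RFC 7208 for that subset. The names `example.org` and `filter.example` and all addresses are assumptions standing in for the sender's domain and the smart host provider, whose real names do not appear on this page.

```python
import ipaddress

# Constructed DNS data (documentation names/addresses, not values from the thread).
DNS = {
    "A":   {"example.org": ["192.0.2.10"], "mail.example.org": ["192.0.2.10"]},
    "MX":  {"example.org": ["mail.example.org"]},
    "TXT": {"filter.example": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.0/25 ~all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
OLD_RECORD = "v=spf1 +a +mx ~all"                   # record quoted in the question
NEW_RECORD = "v=spf1 include:filter.example ~all"   # include target is a placeholder

def _a_match(ip, host):
    return str(ip) in DNS["A"].get(host, [])

def check_host(ip, domain, record=None, depth=0):
    """Evaluate a subset of RFC 7208 (a, mx, ip4, include, all) for one sender IP."""
    ip = ipaddress.ip_address(ip)
    record = record if record is not None else DNS["TXT"].get(domain)
    if record is None:
        return "none"                   # no SPF record published for this domain
    if depth > 10:
        return "permerror"              # simple guard against include loops
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"   # default qualifier is "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "a":               # sender IP equals an A record of the domain
            matched = _a_match(ip, arg or domain)
        elif mech == "mx":              # sender IP equals an A record of one of the MX hosts
            matched = any(_a_match(ip, mx) for mx in DNS["MX"].get(arg or domain, []))
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            inner = check_host(str(ip), arg, depth=depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"      # RFC 7208 5.2: included domain has no usable record
            matched = inner == "pass"   # only a pass inside the include counts as a match
        else:
            return "permerror"          # mechanism outside this example's subset
        if matched:
            return QUALIFIERS[qual]     # first matching term decides the result
    return "neutral"
```

With this data, mail leaving from the smart host address `198.51.100.25` gets `softfail` under the old record and `pass` under the new one, while the on-premises address `192.0.2.10` goes the other way.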
