Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Server 2008 R2 SPF record, where is it?

Posted on 2011-09-29
11
Medium Priority
?
1,204 Views
Last Modified: 2012-05-12
Where should I be looking for the SPF record existence?  I have GFI mail essentials on site, and I'm aware they provide a free SPF service with their software, but it's currently shut off.

I'm asking because the spam that is coming from internal sources (spoofing I think this is called?) is increasing for some users.  Coming from old email addresses that are rarely used (old contacts that haven't updated their contacts list; people who remember the company as their old name, etc.).
0
Comment
Question by:mgedlaman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +1
11 Comments
 
LVL 13

Expert Comment

by:Govvy
ID: 36816820
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36816826
SPF records are TXT records for the parent domain.

You can look yours up at http://www.kitterman.com/spf/validate.html
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36816843
Apologies I was distracted and misspoke.   I meant an SPF record is a TXT record for the sending domain.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Expert Comment

by:robw24
ID: 36816880
SPF records are always located on public zone records for the domain. So start with whoever is hosting your domain. Check the zone file for a "TXT" record, which would contain the SPF string. The zone file is also where you will find your mail MX records and domain host records.
0
 
LVL 13

Expert Comment

by:Govvy
ID: 36816889
Sample to compare:

Type Domain Name TTL Record
TXT google.com 60 min v=spf1 include:_netblocks.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all
0
 

Author Comment

by:mgedlaman
ID: 36817283
Sorry guys, I wasn't clear.  I'm the new server administrator for the domain.  The DC has DNS, on it, and I thought it was in there somewhere, just didn't know where to look.  Thank you for reading inbetween the lines robw.  

I tried the tools from the above suggestions, seems the one from papertrip showed I don't have one, however, the mxtoolbox site showed a result...hard to tell from that result if there is one in place.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36817375
What is your domain?  I can tell you if the SPF record is correct, as well as give advice for best practices.

Check out this thread I worked on from yesterday for some overall SPF info.
0
 
LVL 1

Expert Comment

by:robw24
ID: 36817394
I run a domain with DNS servers as well, however our SPF record is not for the internal domain. It is for the public DNS server. Publishing an SPF record does not protect your own domain, it is intended to protect other domains from people pretending to be from your domain. It tells them to not accept mail from your domain unless it is coming from specific designated hosts that you define in the SPF record. For this purpose it needs to be on a public DNS server, not an internal private one. You could go to DNSSTUFF.com and put in your domain name and it will display the public records for that domain, including the SPF record if you have one.
0
 

Author Comment

by:mgedlaman
ID: 36818172
Papertrip, I appreciate your enthusiasm, I don't feel comfortable posting that here.  I will check out your other thread for further advice.  Thank you so much!

Yes Rob, it would be embarassing for our company to be sending "spam" to other companies for sure.  It would also be helpful to shield the internal domain as well though.
0
 
LVL 1

Accepted Solution

by:
robw24 earned 2000 total points
ID: 36891171
In order to protect your internal domain, you will utilize the SPF records of other domains. Example, if someone emails your domain from somedomain.com, you do an SPF lookup for that domain to see if that email is coming from an approved server.

As far as your internal emails being spoofed, I think you have a different problem. I really don't know anything about your setup, but your mail server should not be accepting email from internal sources, whether spoofed or not, unless it is a server or device that needs to relay off it. Email generated within your internal email server should not ever be spoofed. If it is, then it is because your email server software is allowing clients to change the sender info, which it should not so. If clients are just relaying off the server with spoofed addresses, then you need to only allow designated clients to relay off the server, not just anyone.

I could be wrong with my advice but i'm just trying to help with the limited knowledge that I have. I don't usually answer questions here, I am mostly an "asker".
0
 

Author Closing Comment

by:mgedlaman
ID: 36912389
Thank you for sticking with this to the end Rob!  

Found out it was a single infected terminal!?  We are in the process of cleaning it :)
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question