mgedlaman
asked on
Server 2008 R2 SPF record, where is it?
Where should I be looking for the SPF record existence? I have GFI mail essentials on site, and I'm aware they provide a free SPF service with their software, but it's currently shut off.
I'm asking because the spam that is coming from internal sources (spoofing I think this is called?) is increasing for some users. Coming from old email addresses that are rarely used (old contacts that haven't updated their contacts list; people who remember the company as their old name, etc.).
I'm asking because the spam that is coming from internal sources (spoofing I think this is called?) is increasing for some users. Coming from old email addresses that are rarely used (old contacts that haven't updated their contacts list; people who remember the company as their old name, etc.).
http://www.mxtoolbox.com/spf.aspx
SPF records are TXT records for the parent domain.
You can look yours up at http://www.kitterman.com/spf/validate.html
You can look yours up at http://www.kitterman.com/spf/validate.html
Apologies I was distracted and misspoke. I meant an SPF record is a TXT record for the sending domain.
SPF records are always located on public zone records for the domain. So start with whoever is hosting your domain. Check the zone file for a "TXT" record, which would contain the SPF string. The zone file is also where you will find your mail MX records and domain host records.
Sample to compare:
Type Domain Name TTL Record
TXT google.com 60 min v=spf1 include:_netblocks.google. com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all
Type Domain Name TTL Record
TXT google.com 60 min v=spf1 include:_netblocks.google.
ASKER
Sorry guys, I wasn't clear. I'm the new server administrator for the domain. The DC has DNS, on it, and I thought it was in there somewhere, just didn't know where to look. Thank you for reading inbetween the lines robw.
I tried the tools from the above suggestions, seems the one from papertrip showed I don't have one, however, the mxtoolbox site showed a result...hard to tell from that result if there is one in place.
I tried the tools from the above suggestions, seems the one from papertrip showed I don't have one, however, the mxtoolbox site showed a result...hard to tell from that result if there is one in place.
What is your domain? I can tell you if the SPF record is correct, as well as give advice for best practices.
Check out this thread I worked on from yesterday for some overall SPF info.
Check out this thread I worked on from yesterday for some overall SPF info.
I run a domain with DNS servers as well, however our SPF record is not for the internal domain. It is for the public DNS server. Publishing an SPF record does not protect your own domain, it is intended to protect other domains from people pretending to be from your domain. It tells them to not accept mail from your domain unless it is coming from specific designated hosts that you define in the SPF record. For this purpose it needs to be on a public DNS server, not an internal private one. You could go to DNSSTUFF.com and put in your domain name and it will display the public records for that domain, including the SPF record if you have one.
ASKER
Papertrip, I appreciate your enthusiasm, I don't feel comfortable posting that here. I will check out your other thread for further advice. Thank you so much!
Yes Rob, it would be embarassing for our company to be sending "spam" to other companies for sure. It would also be helpful to shield the internal domain as well though.
Yes Rob, it would be embarassing for our company to be sending "spam" to other companies for sure. It would also be helpful to shield the internal domain as well though.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for sticking with this to the end Rob!
Found out it was a single infected terminal!? We are in the process of cleaning it :)
Found out it was a single infected terminal!? We are in the process of cleaning it :)