baleman2
asked on
SPF record - where to install it?
Our Domain, exampleA.com, sits behind a Fortigate 105c firewall. The Public IP address to reach the Fortigate (which handles ALL traffic) is: xxx.xxx.50.50. The IP address of our Internet Service Provider's DNS Server is: xxx.xxx.25.25.
If I use the MX Toolbox to do a "DNS" lookup, it returns our Public IP - xxx.xxx.50.50. If I use the MX Toolbox to do an NS Lookup, it returns the ISP's DNS IP - xxx.xxx.25.25.
Servers are:
1) DC1-Domain Controller - also acting as internal DNS server running on Server 2008 Standard
2) EX1-Exchange Server with Exchange 2007 running on Server 2008 Standard
Over 300 end users are getting hammered with spam daily. So far, Fortigate techs have not been able to stem the flow, so I've begun to look into the usage of an SPF record.
Our Exchange server hosts 2 other domains for email: exampleB and exampleC.
I've used the Microsoft Utility to create the following SPF record:
v=spf1 a mx ptr ip4:xxx.xxx.50.50 mx:exampleA.com mx:exampleB.com mx:exampleC.com
Note that to get "xxx.xxx.50.50" in the record, I inputted our Public IP address into the Microsoft Utility. Should I have inputted "xxx.xxx.25.25" into the utility instead?
Do I publish this SPF record on my internal DC1 (also acting as internal DNS server) or do I furnish this "TXT" record to my Internet Service Provider and let them publish it on their DNS server?
If I use the MX Toolbox to do a "DNS" lookup, it returns our Public IP - xxx.xxx.50.50. If I use the MX Toolbox to do an NS Lookup, it returns the ISP's DNS IP - xxx.xxx.25.25.
Servers are:
1) DC1-Domain Controller - also acting as internal DNS server running on Server 2008 Standard
2) EX1-Exchange Server with Exchange 2007 running on Server 2008 Standard
Over 300 end users are getting hammered with spam daily. So far, Fortigate techs have not been able to stem the flow, so I've begun to look into the usage of an SPF record.
Our Exchange server hosts 2 other domains for email: exampleB and exampleC.
I've used the Microsoft Utility to create the following SPF record:
v=spf1 a mx ptr ip4:xxx.xxx.50.50 mx:exampleA.com mx:exampleB.com mx:exampleC.com
Note that to get "xxx.xxx.50.50" in the record, I inputted our Public IP address into the Microsoft Utility. Should I have inputted "xxx.xxx.25.25" into the utility instead?
Do I publish this SPF record on my internal DC1 (also acting as internal DNS server) or do I furnish this "TXT" record to my Internet Service Provider and let them publish it on their DNS server?
newmath
If your ISP also hosts your MX records, then yes -- you would create your TXT record there.
ASKER
Before I came onboard as a tech, exampleA.com and exampleB.com is hosted by a public "hosting" company. Yet another "hosting" company is hosting exampleC.com. However, MX records at those "hosting" companies point to our Public IP address.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.