SPF record - where to install it?

Our Domain, exampleA.com, sits behind a Fortigate 105c firewall.  The Public IP address to reach the Fortigate (which handles ALL traffic) is:   xxx.xxx.50.50.  The IP address of our Internet Service Provider's DNS Server is:  xxx.xxx.25.25.

If I use the MX Toolbox to do a "DNS" lookup, it returns our Public IP - xxx.xxx.50.50.  If I use the MX Toolbox to do an NS Lookup, it returns the ISP's DNS IP - xxx.xxx.25.25.

Servers are:
1) DC1-Domain Controller - also acting as internal DNS server running on Server 2008 Standard
2) EX1-Exchange Server with Exchange 2007 running on Server 2008 Standard

Over 300 end users are getting hammered with spam daily.  So far, Fortigate techs have not been able to stem the flow, so I've begun to look into the usage of an SPF record.

Our Exchange server hosts 2 other domains for email: exampleB and exampleC.

I've used the Microsoft Utility to create the following SPF record:
    v=spf1 a mx ptr ip4:xxx.xxx.50.50 mx:exampleA.com mx:exampleB.com mx:exampleC.com
Note that to get "xxx.xxx.50.50" in the record, I inputted our Public IP address into the Microsoft Utility.  Should I have inputted "xxx.xxx.25.25" into the utility instead?

Do I publish this SPF record on my internal DC1 (also acting as internal DNS server) or do I furnish this "TXT" record to my Internet Service Provider and let them publish it on their DNS server?
baleman2Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

newmathCommented:
If your ISP also hosts your MX records, then yes -- you would create your TXT record there.
0
baleman2Author Commented:
Before I came onboard as a tech, exampleA.com and exampleB.com is hosted by a public "hosting" company.  Yet another "hosting" company is hosting exampleC.com.  However, MX records at those "hosting" companies point to our Public IP address.
0
newmathCommented:
Wherever your MX are that's where your SPF record needs to be. It's really pretty simple. Most DNS hosts have an online manager for creating records -- simply create a TXT record (for the mail host) and plug in the output of the MS utility you used.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.