Solved

How to test SPF - From Field

Posted on 2013-05-21
10
453 Views
Last Modified: 2013-06-01
Hi All,

We have added SPF TXT and its been validated successfully. However, how do we test if it accepts the sender's domain?

We tried testing by going into Outlook and enter our client's email address in the From field, but it returns we do not have permission to send.

Any ideas?
0
Comment
Question by:goraek
10 Comments
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39187721
SPF supports "softfail", which usually results in a warning but no spam score on filters.

For testing, you'll need a recipient account that has SPF filtering, Gmail is one such thing.
So if you send an email to your gmail address, and check the full headers of that email, you'll see something like:
Received-SPF: pass (google.com: domain of SEMA-CR-3-3UP7Q5G@bounce.oracle-mail.com designates 141.146.5.61 as permitted sender) client-ip=141.146.5.61;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of SEMA-CR-3-3UP7Q5G@bounce.oracle-mail.com designates 141.146.5.61 as permitted sender) smtp.mail=SEMA-CR-3-3UP7Q5G@bounce.oracle-mail.com

Open in new window

The above example shows an email from oracle to gmail; it shows that the SPF record checks out fine.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39187884
You can also use online tools to test your SPF records. I use

http://mxtoolbox.com/SuperTool.aspx

It has worked well for me in the past
0
 
LVL 77

Expert Comment

by:arnold
ID: 39188627
What is it you are trying to test.  The test is to use an unauthorized mail server to send the message through.
i.e. within SPF record you have an A, MX, PTR records that represent the servers/domains from which a mailing from a sender on this domain is authorized.

Now when you send a test message using a sender of that domain through a different server. The receiving mail server:
First, must have SPF validation functionality enabled
Second, this server's configuration of SPF handling whether it is strict and relies on the SPF record for the sender's domain or whether it merely uses that information as input to "spam" consideration, you would only know when the message is bounced.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 2

Author Comment

by:goraek
ID: 39189528
We have added the SPF TXT and it validates it ok. However for us to know if it's working, we need to test. This is an example what we have added into the DNS TXT record:

"v=spf1 a mx ip4:<our WAN IP> ip4:<out 2nd WAN IP> include:company1.com.au include:company2.com redirect=spf.company3.net.au ~all"

When we did a test from our WAN IPs, it works successfully, but how do we test with others as they do not have an IP for us to use.

Any ideas?
0
 
LVL 77

Expert Comment

by:arnold
ID: 39189773
SPF is not an absolute.

You can use any external/remote IP and send an email directly to your server I.e. user@yourdomain to user@yourdomain

I think you might be user the wrong impression on what SPF can do.
0
 
LVL 2

Author Comment

by:goraek
ID: 39189883
SPF authorises the sender's mail server.
We have added our IPs and others as well.
If anyone is trying to send an email on behalf of our domain and its not in the SPF record, this will fail.

Anyway, I've got it going and its appearing to be operational.
We've tested from others (not authorised) and its failing, other-hand for authorised its working.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 39192927
Do you have numerous outgoing mail servers?  I'm asking because this is a fairly colossal SPF record:
"v=spf1 a mx ip4:<our WAN IP> ip4:<out 2nd WAN IP> include:company1.com.au include:company2.com redirect=spf.company3.net.au ~all"
At the very least, it could probably be made significantly more efficient.
0
 
LVL 2

Author Comment

by:goraek
ID: 39196701
We've got one mail server - however because we have 2 internet links, we want to add all into our SPF in case one of them fails to work, hence the 2 WAN IPS we added.

Its working for us, and no problems whatsoever.
0
 
LVL 2

Accepted Solution

by:
goraek earned 0 total points
ID: 39199952
We've used kitterman, its all good now. Just had to confirm how to use it.
0
 
LVL 2

Author Closing Comment

by:goraek
ID: 39212599
Researched myself
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
When syspreping a clone machine 7 47
How to change the nameserver on Ubuntu Server 6 48
Windows 7 Internet issue 14 54
Palo Alto site-to-site vpn monitoring 5 13
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question