Solved

How to test SPF - From Field

Posted on 2013-05-21
10
458 Views
Last Modified: 2013-06-01
Hi All,

We have added SPF TXT and its been validated successfully. However, how do we test if it accepts the sender's domain?

We tried testing by going into Outlook and enter our client's email address in the From field, but it returns we do not have permission to send.

Any ideas?
0
Comment
Question by:goraek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39187721
SPF supports "softfail", which usually results in a warning but no spam score on filters.

For testing, you'll need a recipient account that has SPF filtering, Gmail is one such thing.
So if you send an email to your gmail address, and check the full headers of that email, you'll see something like:
Received-SPF: pass (google.com: domain of SEMA-CR-3-3UP7Q5G@bounce.oracle-mail.com designates 141.146.5.61 as permitted sender) client-ip=141.146.5.61;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of SEMA-CR-3-3UP7Q5G@bounce.oracle-mail.com designates 141.146.5.61 as permitted sender) smtp.mail=SEMA-CR-3-3UP7Q5G@bounce.oracle-mail.com

Open in new window

The above example shows an email from oracle to gmail; it shows that the SPF record checks out fine.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39187884
You can also use online tools to test your SPF records. I use

http://mxtoolbox.com/SuperTool.aspx

It has worked well for me in the past
0
 
LVL 78

Expert Comment

by:arnold
ID: 39188627
What is it you are trying to test.  The test is to use an unauthorized mail server to send the message through.
i.e. within SPF record you have an A, MX, PTR records that represent the servers/domains from which a mailing from a sender on this domain is authorized.

Now when you send a test message using a sender of that domain through a different server. The receiving mail server:
First, must have SPF validation functionality enabled
Second, this server's configuration of SPF handling whether it is strict and relies on the SPF record for the sender's domain or whether it merely uses that information as input to "spam" consideration, you would only know when the message is bounced.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 2

Author Comment

by:goraek
ID: 39189528
We have added the SPF TXT and it validates it ok. However for us to know if it's working, we need to test. This is an example what we have added into the DNS TXT record:

"v=spf1 a mx ip4:<our WAN IP> ip4:<out 2nd WAN IP> include:company1.com.au include:company2.com redirect=spf.company3.net.au ~all"

When we did a test from our WAN IPs, it works successfully, but how do we test with others as they do not have an IP for us to use.

Any ideas?
0
 
LVL 78

Expert Comment

by:arnold
ID: 39189773
SPF is not an absolute.

You can use any external/remote IP and send an email directly to your server I.e. user@yourdomain to user@yourdomain

I think you might be user the wrong impression on what SPF can do.
0
 
LVL 2

Author Comment

by:goraek
ID: 39189883
SPF authorises the sender's mail server.
We have added our IPs and others as well.
If anyone is trying to send an email on behalf of our domain and its not in the SPF record, this will fail.

Anyway, I've got it going and its appearing to be operational.
We've tested from others (not authorised) and its failing, other-hand for authorised its working.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 39192927
Do you have numerous outgoing mail servers?  I'm asking because this is a fairly colossal SPF record:
"v=spf1 a mx ip4:<our WAN IP> ip4:<out 2nd WAN IP> include:company1.com.au include:company2.com redirect=spf.company3.net.au ~all"
At the very least, it could probably be made significantly more efficient.
0
 
LVL 2

Author Comment

by:goraek
ID: 39196701
We've got one mail server - however because we have 2 internet links, we want to add all into our SPF in case one of them fails to work, hence the 2 WAN IPS we added.

Its working for us, and no problems whatsoever.
0
 
LVL 2

Accepted Solution

by:
goraek earned 0 total points
ID: 39199952
We've used kitterman, its all good now. Just had to confirm how to use it.
0
 
LVL 2

Author Closing Comment

by:goraek
ID: 39212599
Researched myself
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question