?
Solved

How to test SPF - From Field

Posted on 2013-05-21
10
Medium Priority
?
459 Views
Last Modified: 2013-06-01
Hi All,

We have added SPF TXT and its been validated successfully. However, how do we test if it accepts the sender's domain?

We tried testing by going into Outlook and enter our client's email address in the From field, but it returns we do not have permission to send.

Any ideas?
0
Comment
Question by:goraek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39187721
SPF supports "softfail", which usually results in a warning but no spam score on filters.

For testing, you'll need a recipient account that has SPF filtering, Gmail is one such thing.
So if you send an email to your gmail address, and check the full headers of that email, you'll see something like:
Received-SPF: pass (google.com: domain of SEMA-CR-3-3UP7Q5G@bounce.oracle-mail.com designates 141.146.5.61 as permitted sender) client-ip=141.146.5.61;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of SEMA-CR-3-3UP7Q5G@bounce.oracle-mail.com designates 141.146.5.61 as permitted sender) smtp.mail=SEMA-CR-3-3UP7Q5G@bounce.oracle-mail.com

Open in new window

The above example shows an email from oracle to gmail; it shows that the SPF record checks out fine.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39187884
You can also use online tools to test your SPF records. I use

http://mxtoolbox.com/SuperTool.aspx

It has worked well for me in the past
0
 
LVL 79

Expert Comment

by:arnold
ID: 39188627
What is it you are trying to test.  The test is to use an unauthorized mail server to send the message through.
i.e. within SPF record you have an A, MX, PTR records that represent the servers/domains from which a mailing from a sender on this domain is authorized.

Now when you send a test message using a sender of that domain through a different server. The receiving mail server:
First, must have SPF validation functionality enabled
Second, this server's configuration of SPF handling whether it is strict and relies on the SPF record for the sender's domain or whether it merely uses that information as input to "spam" consideration, you would only know when the message is bounced.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 2

Author Comment

by:goraek
ID: 39189528
We have added the SPF TXT and it validates it ok. However for us to know if it's working, we need to test. This is an example what we have added into the DNS TXT record:

"v=spf1 a mx ip4:<our WAN IP> ip4:<out 2nd WAN IP> include:company1.com.au include:company2.com redirect=spf.company3.net.au ~all"

When we did a test from our WAN IPs, it works successfully, but how do we test with others as they do not have an IP for us to use.

Any ideas?
0
 
LVL 79

Expert Comment

by:arnold
ID: 39189773
SPF is not an absolute.

You can use any external/remote IP and send an email directly to your server I.e. user@yourdomain to user@yourdomain

I think you might be user the wrong impression on what SPF can do.
0
 
LVL 2

Author Comment

by:goraek
ID: 39189883
SPF authorises the sender's mail server.
We have added our IPs and others as well.
If anyone is trying to send an email on behalf of our domain and its not in the SPF record, this will fail.

Anyway, I've got it going and its appearing to be operational.
We've tested from others (not authorised) and its failing, other-hand for authorised its working.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 39192927
Do you have numerous outgoing mail servers?  I'm asking because this is a fairly colossal SPF record:
"v=spf1 a mx ip4:<our WAN IP> ip4:<out 2nd WAN IP> include:company1.com.au include:company2.com redirect=spf.company3.net.au ~all"
At the very least, it could probably be made significantly more efficient.
0
 
LVL 2

Author Comment

by:goraek
ID: 39196701
We've got one mail server - however because we have 2 internet links, we want to add all into our SPF in case one of them fails to work, hence the 2 WAN IPS we added.

Its working for us, and no problems whatsoever.
0
 
LVL 2

Accepted Solution

by:
goraek earned 0 total points
ID: 39199952
We've used kitterman, its all good now. Just had to confirm how to use it.
0
 
LVL 2

Author Closing Comment

by:goraek
ID: 39212599
Researched myself
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month11 days, 5 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question