Solved

Need help with SPF records for my domain

Posted on 2013-11-22
2
3,359 Views
Last Modified: 2013-11-25
We configured SPF records a few weeks ago and I have a feeling they aren't done properly.
Our DNS provider allows us to create both SPF and TXT records. Our emails come from several sources:

Our exchange server
MX Logic (we relay most outbound mail through them)
our CRM system
iContact

a few sites have reported issues with the SPF record. i don't understand the difference between -all, ~all, etc. can anyone help?

the records are, according to http://www.kitterman.com/spf/validate.html (i masked my own domain name):

------------------

SPF record lookup and validation for: mydomain.com

SPF records are primarily published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 ptr include:mxlogic.net ~all
v=spf1 a:autotask.net -all
v=spf1 a:mydomain.net -all
v=spf1 ip4:72.251.222.50/32 -all
v=spf1 a mx ptr include:icpbounce.com ip4:72.251.222.50/32 -all

SPF records should also be published in DNS as type SPF records.
Type SPF records found for the domain are:
v=spf1 ptr include:mxlogic.net ~all
v=spf1 a:autotask.net -all
v=spf1 a:mydomain.net -all
v=spf1 ip4:72.251.222.50/32 -all
v=spf1 a mx ptr include:icpbounce.com ip4:72.251.222.50/32 -all

Checking to see if there is a valid SPF record.

Results - Permanent Error Two or more type TXT spf records found.
No valid SPF record found of either type TXT or type SPF.
---------------


can anyone point me in the right direction??
0
Comment
Question by:tabush
2 Comments
 
LVL 40

Assisted Solution

by:footech
footech earned 250 total points
ID: 39669362
You should only have a single SPF record which includes all the info.  You can duplicate that record to be a TXT record.
Here's an example of the combined record.
v=spf1 ptr include:mxlogic.net a:autotask.net a:mydomain.net ip4:72.251.222.50/32 a mx include:icpbounce.com -all

Open in new window


There may even be some duplicate info in the above, like "a:mydomain.net" and "a", probalby only one of those is needed.

You may want to look at http://www.openspf.org/SPF_Record_Syntax for syntax.
-all = fail
~all = soft fail
?all = doesn't really say anything
Generally I would recommend to start with ~all.  It depends on the recipient as to what they do with the results from a SPF check.
0
 
LVL 4

Accepted Solution

by:
FutureTechSysDOTcom earned 250 total points
ID: 39669384
Here are some good articles on creating SPF records:

https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

https://kb.mediatemple.net/questions/658/How+can+I+create+an+SPF+record+for+my+domain%3F#gs

https://support.google.com/a/answer/33786?hl=en

http://www.spfwizard.net/

Many of us have to adjust these things over time.  A combination of proper SPF records, proper MX records, and forward and reverse DNS settings will do wonders for making sure that you don't get flagged as a spammer, and just in general make your email setup much better.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question