Solved

Can someone confirm this SPF / TXT is setup correctly?  Values inside.

Posted on 2014-04-01
5
437 Views
Last Modified: 2014-04-01
I want to have this setup as optimal as possible, I think I understand and have this correct but would like an experts opinion.  Info is fake, to protect the innocent. :)

Mail server is at clients site.  This and the backup MX record are the only two sources that can deliver email for this domain.  Office public IP which is static is 172.123.123.1/32.  The reverse DNS and A record for the mail server is mail.domain.org.  The backup MX record address is bu.backupmxserver.com.

Here is what I have:
"v=spf1 mx a ip4:172.123.123.1/32 a:mail.domain.org include:backupmxserver.com -all"

Open in new window


Should I include/exclude anything given this information?  If I need to provide more info, please let me know.  

Also, is the syntax the same for TXT and SPF?  I could use what I have here for both?

I used this wizard to get what I have so far:
http://www.spfwizard.net/
0
Comment
Question by:LanMan6401
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39970523
If you have both servers listed in your MX records, then you probably don't need them listed specifically - you are in effect duplicating the records.
Furthermore, if you have the DNS records setup correctly, you wouldn't need the IP address to be listed.

Thus you should be able to get it down to

"v=spf1 mx ~all"

I never go straight to -all for new deployments.

I use a tool at the dmarcian web site to see if the record can be flattened even further.
However you do need to have published the record for it to work.

https://dmarcian.com/spf-survey/

Simon.
0
 
LVL 1

Author Comment

by:LanMan6401
ID: 39970644
Thank you, Simon.  That makes sense.  

Sometimes we have issues and need to forward out going emails through a host outside of the clients network.  If I needed to do this, and that forwarding services IP was 172.111.111.112/32, would this be correct?

"v=spf1 mx a ip4:172.111.111.112/32 ~all"

Thank you for the link too!
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39970678
If it is a single address, then don't bother with the mask:
ip4:x.x.x.x

Simon.
0
 
LVL 1

Author Comment

by:LanMan6401
ID: 39970682
You sir, are awesome.  Thank you for the quick replies and help!
0
 
LVL 1

Author Closing Comment

by:LanMan6401
ID: 39970685
Thank you again!
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question