Solved

Can someone confirm this SPF / TXT is setup correctly?  Values inside.

Posted on 2014-04-01
5
432 Views
Last Modified: 2014-04-01
I want to have this setup as optimal as possible, I think I understand and have this correct but would like an experts opinion.  Info is fake, to protect the innocent. :)

Mail server is at clients site.  This and the backup MX record are the only two sources that can deliver email for this domain.  Office public IP which is static is 172.123.123.1/32.  The reverse DNS and A record for the mail server is mail.domain.org.  The backup MX record address is bu.backupmxserver.com.

Here is what I have:
"v=spf1 mx a ip4:172.123.123.1/32 a:mail.domain.org include:backupmxserver.com -all"

Open in new window


Should I include/exclude anything given this information?  If I need to provide more info, please let me know.  

Also, is the syntax the same for TXT and SPF?  I could use what I have here for both?

I used this wizard to get what I have so far:
http://www.spfwizard.net/
0
Comment
Question by:LanMan6401
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39970523
If you have both servers listed in your MX records, then you probably don't need them listed specifically - you are in effect duplicating the records.
Furthermore, if you have the DNS records setup correctly, you wouldn't need the IP address to be listed.

Thus you should be able to get it down to

"v=spf1 mx ~all"

I never go straight to -all for new deployments.

I use a tool at the dmarcian web site to see if the record can be flattened even further.
However you do need to have published the record for it to work.

https://dmarcian.com/spf-survey/

Simon.
0
 
LVL 1

Author Comment

by:LanMan6401
ID: 39970644
Thank you, Simon.  That makes sense.  

Sometimes we have issues and need to forward out going emails through a host outside of the clients network.  If I needed to do this, and that forwarding services IP was 172.111.111.112/32, would this be correct?

"v=spf1 mx a ip4:172.111.111.112/32 ~all"

Thank you for the link too!
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39970678
If it is a single address, then don't bother with the mask:
ip4:x.x.x.x

Simon.
0
 
LVL 1

Author Comment

by:LanMan6401
ID: 39970682
You sir, are awesome.  Thank you for the quick replies and help!
0
 
LVL 1

Author Closing Comment

by:LanMan6401
ID: 39970685
Thank you again!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now