Solved

Can someone confirm this SPF / TXT is setup correctly?  Values inside.

Posted on 2014-04-01
5
436 Views
Last Modified: 2014-04-01
I want to have this setup as optimal as possible, I think I understand and have this correct but would like an experts opinion.  Info is fake, to protect the innocent. :)

Mail server is at clients site.  This and the backup MX record are the only two sources that can deliver email for this domain.  Office public IP which is static is 172.123.123.1/32.  The reverse DNS and A record for the mail server is mail.domain.org.  The backup MX record address is bu.backupmxserver.com.

Here is what I have:
"v=spf1 mx a ip4:172.123.123.1/32 a:mail.domain.org include:backupmxserver.com -all"

Open in new window


Should I include/exclude anything given this information?  If I need to provide more info, please let me know.  

Also, is the syntax the same for TXT and SPF?  I could use what I have here for both?

I used this wizard to get what I have so far:
http://www.spfwizard.net/
0
Comment
Question by:LanMan6401
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39970523
If you have both servers listed in your MX records, then you probably don't need them listed specifically - you are in effect duplicating the records.
Furthermore, if you have the DNS records setup correctly, you wouldn't need the IP address to be listed.

Thus you should be able to get it down to

"v=spf1 mx ~all"

I never go straight to -all for new deployments.

I use a tool at the dmarcian web site to see if the record can be flattened even further.
However you do need to have published the record for it to work.

https://dmarcian.com/spf-survey/

Simon.
0
 
LVL 1

Author Comment

by:LanMan6401
ID: 39970644
Thank you, Simon.  That makes sense.  

Sometimes we have issues and need to forward out going emails through a host outside of the clients network.  If I needed to do this, and that forwarding services IP was 172.111.111.112/32, would this be correct?

"v=spf1 mx a ip4:172.111.111.112/32 ~all"

Thank you for the link too!
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39970678
If it is a single address, then don't bother with the mask:
ip4:x.x.x.x

Simon.
0
 
LVL 1

Author Comment

by:LanMan6401
ID: 39970682
You sir, are awesome.  Thank you for the quick replies and help!
0
 
LVL 1

Author Closing Comment

by:LanMan6401
ID: 39970685
Thank you again!
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question