• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 450
  • Last Modified:

Can someone confirm this SPF / TXT is setup correctly? Values inside.

I want to have this setup as optimal as possible, I think I understand and have this correct but would like an experts opinion.  Info is fake, to protect the innocent. :)

Mail server is at clients site.  This and the backup MX record are the only two sources that can deliver email for this domain.  Office public IP which is static is 172.123.123.1/32.  The reverse DNS and A record for the mail server is mail.domain.org.  The backup MX record address is bu.backupmxserver.com.

Here is what I have:
"v=spf1 mx a ip4:172.123.123.1/32 a:mail.domain.org include:backupmxserver.com -all"

Open in new window


Should I include/exclude anything given this information?  If I need to provide more info, please let me know.  

Also, is the syntax the same for TXT and SPF?  I could use what I have here for both?

I used this wizard to get what I have so far:
http://www.spfwizard.net/
0
LanMan6401
Asked:
LanMan6401
  • 3
  • 2
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
If you have both servers listed in your MX records, then you probably don't need them listed specifically - you are in effect duplicating the records.
Furthermore, if you have the DNS records setup correctly, you wouldn't need the IP address to be listed.

Thus you should be able to get it down to

"v=spf1 mx ~all"

I never go straight to -all for new deployments.

I use a tool at the dmarcian web site to see if the record can be flattened even further.
However you do need to have published the record for it to work.

https://dmarcian.com/spf-survey/

Simon.
0
 
LanMan6401Author Commented:
Thank you, Simon.  That makes sense.  

Sometimes we have issues and need to forward out going emails through a host outside of the clients network.  If I needed to do this, and that forwarding services IP was 172.111.111.112/32, would this be correct?

"v=spf1 mx a ip4:172.111.111.112/32 ~all"

Thank you for the link too!
0
 
Simon Butler (Sembee)ConsultantCommented:
If it is a single address, then don't bother with the mask:
ip4:x.x.x.x

Simon.
0
 
LanMan6401Author Commented:
You sir, are awesome.  Thank you for the quick replies and help!
0
 
LanMan6401Author Commented:
Thank you again!
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now