Solved

Can someone confirm this SPF / TXT is setup correctly?  Values inside.

Posted on 2014-04-01
5
431 Views
Last Modified: 2014-04-01
I want to have this setup as optimal as possible, I think I understand and have this correct but would like an experts opinion.  Info is fake, to protect the innocent. :)

Mail server is at clients site.  This and the backup MX record are the only two sources that can deliver email for this domain.  Office public IP which is static is 172.123.123.1/32.  The reverse DNS and A record for the mail server is mail.domain.org.  The backup MX record address is bu.backupmxserver.com.

Here is what I have:
"v=spf1 mx a ip4:172.123.123.1/32 a:mail.domain.org include:backupmxserver.com -all"

Open in new window


Should I include/exclude anything given this information?  If I need to provide more info, please let me know.  

Also, is the syntax the same for TXT and SPF?  I could use what I have here for both?

I used this wizard to get what I have so far:
http://www.spfwizard.net/
0
Comment
Question by:LanMan6401
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Comment Utility
If you have both servers listed in your MX records, then you probably don't need them listed specifically - you are in effect duplicating the records.
Furthermore, if you have the DNS records setup correctly, you wouldn't need the IP address to be listed.

Thus you should be able to get it down to

"v=spf1 mx ~all"

I never go straight to -all for new deployments.

I use a tool at the dmarcian web site to see if the record can be flattened even further.
However you do need to have published the record for it to work.

https://dmarcian.com/spf-survey/

Simon.
0
 
LVL 1

Author Comment

by:LanMan6401
Comment Utility
Thank you, Simon.  That makes sense.  

Sometimes we have issues and need to forward out going emails through a host outside of the clients network.  If I needed to do this, and that forwarding services IP was 172.111.111.112/32, would this be correct?

"v=spf1 mx a ip4:172.111.111.112/32 ~all"

Thank you for the link too!
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
If it is a single address, then don't bother with the mask:
ip4:x.x.x.x

Simon.
0
 
LVL 1

Author Comment

by:LanMan6401
Comment Utility
You sir, are awesome.  Thank you for the quick replies and help!
0
 
LVL 1

Author Closing Comment

by:LanMan6401
Comment Utility
Thank you again!
0

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now