Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SPF record creation

Posted on 2014-04-30
9
1,263 Views
Last Modified: 2014-05-01
Afternoon All,
    I have server 2008 managing DNS for over 100 external facing website. I need to ensure that the SPF records are setup correct as i am getting conflicting results from MX Toolbox.

Kitterman is coming back without errors (see attached)
XMToolbox is throwing the attached error

the info from MXToolbox is as follows:
Note: Using TXT records to contain SPF information was designed as a transitional mechanism as some servers and clients did not support the new SPF record type. It is best practice to publish your SPF record via DNS as both a SPF record and and TXT record. When you do this, they MUST match exactly in accordance with RFC 4408 section 3.1.1.

I have used the text file to create the SPF record, whats the difference

im running server 2008 r2 to manage the DNS

Thanks
kitterman.png
SPF-error.png
0
Comment
Question by:ncomper
  • 5
  • 4
9 Comments
 
LVL 25

Accepted Solution

by:
Marcus Bointon earned 500 total points
ID: 40032273
There is no difference in format, just put the same data in both. That said, while SPF-type records were a recommendation in the original RFC4408, they saw little use and were thus deprecated in RFC4408bis, and removed in the newly ratified RFC7208.

In short, you don't need to use SPF type records any more, just TXT is fine. Mxtoolbox is wrong.
0
 
LVL 5

Author Comment

by:ncomper
ID: 40032381
The attached is a shot of the SPF in place, the Top v=spf is what i know as a default record created in DNS, the 2nd spf2 is my attempt to understand the information gathered earlier.

Can you please confirm the origional spf in place looks correct for me.

Thanks
spf.png
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 40032406
Don't bother with spf2 - that's SenderID and nobody is using it any more, not even Microsoft. I can't tell you if your original SPF is any good because that screen shot is largely illegible and truncated.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 25

Assisted Solution

by:Marcus Bointon
Marcus Bointon earned 500 total points
ID: 40032414
Incidentally I recommend dmarcian.com's SPF Surveyor for checking SPF, DKIM and DMARC.
0
 
LVL 5

Author Comment

by:ncomper
ID: 40034149
Thanks Squinky, ill review the tool. As you can imagine posting all my External IP addresses in the image would not be the best idea on a public forum. but below is a copy of the record with addresses substituted

v=spf1 ip4:204.XXX.X.XXX/27 ip4:198.XXX.XXX.XXX/27 ip4:38.XX.XX.XX/27 ip4:XXX.XXX.XXX.X/27 ip4:XX.XX.XX.X/24 include:eu._netblocks.mimecast.com include:us._netblocks.mimecast.com include:za._netblocks.mimecast.com ~all
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 40034153
That looks fine.
0
 
LVL 5

Author Comment

by:ncomper
ID: 40034201
Sorry to keep pushing on this....

On checking with the Dmarcian i receive the following:

DNS-querying mechanisms/modifiers:

"The SPF record authorizes 28 individual netblocks using 3 DNS-querying mechanisms/modifiers. The maximum number of DNS-querying mechanisms/modifiers is 10.

This record utilizes a small number of DNS-querying mechanisms/modifiers. No fixing is required. If this record is meant to be included by other records, consider reducing the number of DNS-querying mechanisms/modifiers (if possible) to keep total resource consumption low."

From the above can i report back that this should work within the boundary's of SPF records without issues?

Thanks,
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 40034554
Yes.
0
 
LVL 5

Author Closing Comment

by:ncomper
ID: 40034576
Managed to resolve
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question