• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1407
  • Last Modified:

SPF record creation

Afternoon All,
    I have server 2008 managing DNS for over 100 external facing website. I need to ensure that the SPF records are setup correct as i am getting conflicting results from MX Toolbox.

Kitterman is coming back without errors (see attached)
XMToolbox is throwing the attached error

the info from MXToolbox is as follows:
Note: Using TXT records to contain SPF information was designed as a transitional mechanism as some servers and clients did not support the new SPF record type. It is best practice to publish your SPF record via DNS as both a SPF record and and TXT record. When you do this, they MUST match exactly in accordance with RFC 4408 section 3.1.1.

I have used the text file to create the SPF record, whats the difference

im running server 2008 r2 to manage the DNS

Thanks
kitterman.png
SPF-error.png
0
ncomper
Asked:
ncomper
  • 5
  • 4
2 Solutions
 
Marcus BointonCommented:
There is no difference in format, just put the same data in both. That said, while SPF-type records were a recommendation in the original RFC4408, they saw little use and were thus deprecated in RFC4408bis, and removed in the newly ratified RFC7208.

In short, you don't need to use SPF type records any more, just TXT is fine. Mxtoolbox is wrong.
0
 
ncomperAuthor Commented:
The attached is a shot of the SPF in place, the Top v=spf is what i know as a default record created in DNS, the 2nd spf2 is my attempt to understand the information gathered earlier.

Can you please confirm the origional spf in place looks correct for me.

Thanks
spf.png
0
 
Marcus BointonCommented:
Don't bother with spf2 - that's SenderID and nobody is using it any more, not even Microsoft. I can't tell you if your original SPF is any good because that screen shot is largely illegible and truncated.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Marcus BointonCommented:
Incidentally I recommend dmarcian.com's SPF Surveyor for checking SPF, DKIM and DMARC.
0
 
ncomperAuthor Commented:
Thanks Squinky, ill review the tool. As you can imagine posting all my External IP addresses in the image would not be the best idea on a public forum. but below is a copy of the record with addresses substituted

v=spf1 ip4:204.XXX.X.XXX/27 ip4:198.XXX.XXX.XXX/27 ip4:38.XX.XX.XX/27 ip4:XXX.XXX.XXX.X/27 ip4:XX.XX.XX.X/24 include:eu._netblocks.mimecast.com include:us._netblocks.mimecast.com include:za._netblocks.mimecast.com ~all
0
 
Marcus BointonCommented:
That looks fine.
0
 
ncomperAuthor Commented:
Sorry to keep pushing on this....

On checking with the Dmarcian i receive the following:

DNS-querying mechanisms/modifiers:

"The SPF record authorizes 28 individual netblocks using 3 DNS-querying mechanisms/modifiers. The maximum number of DNS-querying mechanisms/modifiers is 10.

This record utilizes a small number of DNS-querying mechanisms/modifiers. No fixing is required. If this record is meant to be included by other records, consider reducing the number of DNS-querying mechanisms/modifiers (if possible) to keep total resource consumption low."

From the above can i report back that this should work within the boundary's of SPF records without issues?

Thanks,
0
 
Marcus BointonCommented:
Yes.
0
 
ncomperAuthor Commented:
Managed to resolve
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now