Solved

SPF record creation

Posted on 2014-04-30
Last Modified: 2014-05-01
Afternoon All,
    I have Server 2008 managing DNS for over 100 external-facing websites. I need to ensure that the SPF records are set up correctly, as I am getting conflicting results from MXToolbox.

Kitterman is coming back without errors (see attached).
MXToolbox is throwing the attached error.

The info from MXToolbox is as follows:
Note: Using TXT records to contain SPF information was designed as a transitional mechanism as some servers and clients did not support the new SPF record type. It is best practice to publish your SPF record via DNS as both a SPF record and TXT record. When you do this, they MUST match exactly in accordance with RFC 4408 section 3.1.1.

I have used the text file to create the SPF record, what's the difference?

I'm running Server 2008 R2 to manage the DNS.

Thanks
kitterman.png
SPF-error.png
Question by:ncomper

Accepted Solution

by:
Marcus Bointon earned 500 total points
ID: 40032273
There is no difference in format, just put the same data in both. That said, while SPF-type records were a recommendation in the original RFC4408, they saw little use and were thus deprecated in RFC4408bis, and removed in the newly ratified RFC7208.

In short, you don't need to use SPF type records any more, just TXT is fine. MXToolbox is wrong.

Author Comment

by:ncomper
ID: 40032381
The attached is a shot of the SPF in place. The top v=spf is what I know as a default record created in DNS; the 2nd, spf2, is my attempt to understand the information gathered earlier.

Can you please confirm the original SPF in place looks correct for me?

Thanks
spf.png

Expert Comment

by:Marcus Bointon
ID: 40032406
Don't bother with spf2 - that's SenderID and nobody is using it any more, not even Microsoft. I can't tell you if your original SPF is any good because that screen shot is largely illegible and truncated.

Assisted Solution

by:Marcus Bointon
Marcus Bointon earned 500 total points
ID: 40032414
Incidentally I recommend dmarcian.com's SPF Surveyor for checking SPF, DKIM and DMARC.

Author Comment

by:ncomper
ID: 40034149
Thanks Squinky, I'll review the tool. As you can imagine, posting all my external IP addresses in the image would not be the best idea on a public forum, but below is a copy of the record with addresses substituted:

v=spf1 ip4:204.XXX.X.XXX/27 ip4:198.XXX.XXX.XXX/27 ip4:38.XX.XX.XX/27 ip4:XXX.XXX.XXX.X/27 ip4:XX.XX.XX.X/24 include:eu._netblocks.mimecast.com include:us._netblocks.mimecast.com include:za._netblocks.mimecast.com ~all

Expert Comment

by:Marcus Bointon
ID: 40034153
That looks fine.

Author Comment

by:ncomper
ID: 40034201
Sorry to keep pushing on this....

On checking with Dmarcian, I receive the following:

DNS-querying mechanisms/modifiers:

"The SPF record authorizes 28 individual netblocks using 3 DNS-querying mechanisms/modifiers. The maximum number of DNS-querying mechanisms/modifiers is 10.

This record utilizes a small number of DNS-querying mechanisms/modifiers. No fixing is required. If this record is meant to be included by other records, consider reducing the number of DNS-querying mechanisms/modifiers (if possible) to keep total resource consumption low."

From the above, can I report back that this should work within the boundaries of SPF records without issues?

Thanks,

Expert Comment

by:Marcus Bointon
ID: 40034554
Yes.
0
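
Added example (not part of the original thread and not any participant's code): a small offline check for the two points discussed above, the count of DNS-querying mechanisms/modifiers against the limit of 10, and the exact-match comparison for anyone still publishing an SPF-type copy next to the TXT record. The netblocks in SAMPLE are constructed documentation ranges standing in for the masked addresses, the function names are illustrative, and only the terms in the record itself are counted; lookups nested inside the included records are not followed.

```python
import ipaddress

# Mechanisms that cost a DNS query during evaluation (RFC 7208, section 4.6.4).
DNS_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
LOOKUP_LIMIT = 10

# Constructed sample: documentation netblocks stand in for the masked addresses;
# the three include: terms are the ones quoted in the thread.
SAMPLE = ("v=spf1 ip4:192.0.2.0/27 ip4:198.51.100.0/27 ip4:203.0.113.0/24 "
          "include:eu._netblocks.mimecast.com include:us._netblocks.mimecast.com "
          "include:za._netblocks.mimecast.com ~all")

def parse_spf(record):
    """Return (netblocks, dns_terms, all_term) for one SPF record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    netblocks, dns_terms, all_term = [], [], None
    for term in terms[1:]:
        bare = term.lstrip("+-~?").lower()      # drop the qualifier
        if bare.startswith("redirect="):        # modifier that also costs a lookup
            dns_terms.append(bare)
            continue
        name, _, value = bare.partition(":")
        name = name.split("/", 1)[0]            # "a/24" -> "a"
        if name in ("ip4", "ip6"):
            netblocks.append(ipaddress.ip_network(value, strict=False))
        elif name in DNS_MECHANISMS:
            dns_terms.append(bare)
        elif name == "all":
            all_term = term
    return netblocks, dns_terms, all_term

def check_record(txt_data, spf_type_data=None):
    """Check one record; spf_type_data is the type-99 copy, if still published."""
    netblocks, dns_terms, all_term = parse_spf(txt_data)
    findings = []
    if len(dns_terms) > LOOKUP_LIMIT:
        findings.append("%d DNS-querying terms exceed the limit of %d"
                        % (len(dns_terms), LOOKUP_LIMIT))
    if spf_type_data is not None and spf_type_data != txt_data:
        findings.append("TXT and SPF-type records do not match exactly")
    return {"netblocks": len(netblocks), "dns_lookups": len(dns_terms),
            "all": all_term, "findings": findings}

if __name__ == "__main__":
    print(check_record(SAMPLE))
```
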
 

Author Closing Comment

by:ncomper
ID: 40034576
Managed to resolve