Solved

SPF record creation

Posted on 2014-04-30
9
1,237 Views
Last Modified: 2014-05-01
Afternoon All,
    I have server 2008 managing DNS for over 100 external facing website. I need to ensure that the SPF records are setup correct as i am getting conflicting results from MX Toolbox.

Kitterman is coming back without errors (see attached)
XMToolbox is throwing the attached error

the info from MXToolbox is as follows:
Note: Using TXT records to contain SPF information was designed as a transitional mechanism as some servers and clients did not support the new SPF record type. It is best practice to publish your SPF record via DNS as both a SPF record and and TXT record. When you do this, they MUST match exactly in accordance with RFC 4408 section 3.1.1.

I have used the text file to create the SPF record, whats the difference

im running server 2008 r2 to manage the DNS

Thanks
kitterman.png
SPF-error.png
0
Comment
Question by:ncomper
  • 5
  • 4
9 Comments
 
LVL 25

Accepted Solution

by:
Squinky earned 500 total points
Comment Utility
There is no difference in format, just put the same data in both. That said, while SPF-type records were a recommendation in the original RFC4408, they saw little use and were thus deprecated in RFC4408bis, and removed in the newly ratified RFC7208.

In short, you don't need to use SPF type records any more, just TXT is fine. Mxtoolbox is wrong.
0
 
LVL 5

Author Comment

by:ncomper
Comment Utility
The attached is a shot of the SPF in place, the Top v=spf is what i know as a default record created in DNS, the 2nd spf2 is my attempt to understand the information gathered earlier.

Can you please confirm the origional spf in place looks correct for me.

Thanks
spf.png
0
 
LVL 25

Expert Comment

by:Squinky
Comment Utility
Don't bother with spf2 - that's SenderID and nobody is using it any more, not even Microsoft. I can't tell you if your original SPF is any good because that screen shot is largely illegible and truncated.
0
 
LVL 25

Assisted Solution

by:Squinky
Squinky earned 500 total points
Comment Utility
Incidentally I recommend dmarcian.com's SPF Surveyor for checking SPF, DKIM and DMARC.
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 5

Author Comment

by:ncomper
Comment Utility
Thanks Squinky, ill review the tool. As you can imagine posting all my External IP addresses in the image would not be the best idea on a public forum. but below is a copy of the record with addresses substituted

v=spf1 ip4:204.XXX.X.XXX/27 ip4:198.XXX.XXX.XXX/27 ip4:38.XX.XX.XX/27 ip4:XXX.XXX.XXX.X/27 ip4:XX.XX.XX.X/24 include:eu._netblocks.mimecast.com include:us._netblocks.mimecast.com include:za._netblocks.mimecast.com ~all
0
 
LVL 25

Expert Comment

by:Squinky
Comment Utility
That looks fine.
0
 
LVL 5

Author Comment

by:ncomper
Comment Utility
Sorry to keep pushing on this....

On checking with the Dmarcian i receive the following:

DNS-querying mechanisms/modifiers:

"The SPF record authorizes 28 individual netblocks using 3 DNS-querying mechanisms/modifiers. The maximum number of DNS-querying mechanisms/modifiers is 10.

This record utilizes a small number of DNS-querying mechanisms/modifiers. No fixing is required. If this record is meant to be included by other records, consider reducing the number of DNS-querying mechanisms/modifiers (if possible) to keep total resource consumption low."

From the above can i report back that this should work within the boundary's of SPF records without issues?

Thanks,
0
 
LVL 25

Expert Comment

by:Squinky
Comment Utility
Yes.
0
 
LVL 5

Author Closing Comment

by:ncomper
Comment Utility
Managed to resolve
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now