SPF Record Policy

I am trying to write an SPF policy to be used to govern the creation and management of these records. Basically we have no standard for SPF and this has led to spoofing and spam. Additionally, marketing partners are using the domain to send email, instead of "marketing.domain.com". The fear is that this could lead to getting us blacklisted. So I need to say, here is our standard (the SPF record has to be configured to...) and marketing partners cannot use "domain.com" to send e-mail; instead they must use something like "marketing.domain.com".

Any thoughts?
Owens63 Asked:

Will Szymkowski, Senior Solution Architect, Commented:
I would recommend checking out www.openspf.org for best practices when it comes to creating and managing SPF records.

SPF Best Practices
http://www.openspf.org/Best_Practices

Microsoft also has a nice GUI which will walk you through the SPF Record Creation
https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Will.
0
matrix8086 Commented:
You must type this in your domain's zone record:

IN SPF "v=spf1 mx -all"

or, in case your DNS server does not recognize the SPF directive, you can use TXT:

IN TXT "v=spf1 mx -all"
0
Owens63 (Author) Commented:
My bad, I was looking more for the verbiage from a policy/governance perspective. Here is what I have so far:

"SPF Record:
<<COMPANY NAME>> will be compliant with the Sender Policy Framework (SPF) and will configure it to tell the receiving mail systems to reject any mail coming from any source not covered in the SPF record. This will include all domains owned or managed by <<COMPANY NAME>>. <<COMPANY NAME>> domains that are not configured for email will have an SPF record that tells the receiving mail system that the domain does not provide mail services and will be rejected.
IMPORTANT NOTE: Third parties that send mail on behalf of <<COMPANY NAME>>, such as marketing groups, will be required to use subdomains, such as mailist.companyname.com"

How does that sound?
0
matrix8086 Commented:
Ah, ok!

For me, as a sysadmin, it sounds crystal clear :)

As a manager ... I hope I am pretty smart to ask a sysadmin "wtf does it mean? Please take care of it!" :)

Best regards!
0

DrAtomic Commented:
I would start off the text by explaining what SPF entails (see bolded addition), i.e. the management summary lol.

Today, nearly all abusive e-mail messages carry fake sender addresses. The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery.

<<COMPANY NAME>> will be compliant with the Sender Policy Framework (SPF) and will configure it to tell the receiving mail systems to reject any mail coming from any source not covered in the SPF record. This will include all domains owned or managed by <<COMPANY NAME>>. <<COMPANY NAME>> domains that are not configured for email will have an SPF record that tells the receiving mail system that the domain does not provide mail services and will be rejected.

IMPORTANT NOTE: Third parties that send mail on behalf of <<COMPANY NAME>>, such as marketing groups, will be required to use subdomains, such as mailist.companyname.com
0
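
Added example (not part of the thread or any participant's post): one way to audit published SPF records against the policy text drafted above, covering the three rules it states (reject anything not covered, a reject-all record on non-mail domains, third parties only on subdomains). The domain names, the inventory layout and the per-domain `allowed` include lists are assumptions made up for this sketch; in practice the TXT strings would come from a DNS export.

```python
# Added example: audit SPF TXT records against the policy drafted in this thread.
# All domain names, records and allowlists below are constructed placeholders.

def audit_spf(domain, txt_records, sends_mail, allowed_includes=frozenset()):
    """Return the list of policy violations for one domain (empty = compliant)."""
    spf = [r.lower().split() for r in txt_records
           if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # RFC 7208: zero records means no policy; more than one is a permerror.
        return [f"{domain}: expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0][1:]
    if not sends_mail:
        # Policy: domains not configured for email publish a reject-everything record.
        if terms == ["-all"]:
            return []
        return [f"{domain}: non-mail domain must publish 'v=spf1 -all'"]
    problems = []
    # Policy: receivers are told to reject any source not covered (hard fail, last term).
    # Records that rely on redirect= instead of 'all' are flagged for manual review.
    if not terms or terms[-1] != "-all":
        problems.append(f"{domain}: record must end with '-all'")
    # Policy: third parties send from a subdomain, so every include: on a domain
    # must be on that domain's own allowlist (an assumption of this example).
    for term in terms:
        mechanism = term.lstrip("+-~?")
        if mechanism.startswith("include:"):
            target = mechanism[len("include:"):]
            if target not in allowed_includes:
                problems.append(f"{domain}: include:{target} is not approved for this domain")
    return problems

INVENTORY = {  # constructed sample data
    "example.com": {"sends_mail": True, "allowed": {"_spf.mailhost.example"},
                    "txt": ["v=spf1 mx include:_spf.mailhost.example "
                            "include:spf.partner.example ~all"]},
    "marketing.example.com": {"sends_mail": True, "allowed": {"spf.partner.example"},
                              "txt": ["v=spf1 include:spf.partner.example -all"]},
    "parked.example.net": {"sends_mail": False, "allowed": set(),
                           "txt": ["v=spf1 -all"]},
}

def audit_inventory(inventory):
    """Audit every domain in the inventory; returns {domain: [violations]}."""
    return {d: audit_spf(d, e["txt"], e["sends_mail"], e.get("allowed", frozenset()))
            for d, e in inventory.items()}

if __name__ == "__main__":
    for domain, problems in audit_inventory(INVENTORY).items():
        print(domain, "OK" if not problems else problems)
```
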
Question has a verified solution.