Solved

Adding Mail server to SPF record

Posted on 2016-09-19
5
90 Views
Last Modified: 2016-09-19
Hi, we have a secure web portal that sends us an email when someone logs in and makes some changes to their account. It is handled and hosted by the developer. It worked fine for a long time but recently we have been receiving bounce backs because the developers server is not authorized to send email on behalf of our Domain.

I have added  their servers IP4 address after the IP address of our mail server, in the SPF record. Does the syntax look correct.

v=spf1 mx ptr mx:mail.ourdomain.com ip4:222.222.222.222 ip4:33.333.33.33 -all
0
Comment
Question by:Stev0W
  • 2
  • 2
5 Comments
 
LVL 16

Expert Comment

by:max_the_king
ID: 41804736
hi,
try and change syntax from
-all
to
~all

hope this helps
max
0
 
LVL 25

Accepted Solution

by:
Marcus Bointon earned 500 total points
ID: 41804738
That looks workable, but I recommend you put the IP addresses first as it makes it faster for receivers to check it, like this:

v=spf1 ip4:222.222.222.222 ip4:33.333.33.33 mx ptr mx:mail.ourdomain.com -all

Open in new window

There's not usually much to be gained by ptr entries in SPF records.

To be certain, check the exact settings that the bounce is coming from manually and make sure its covered by your SPF.
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 41804741
Don't change -all to ~all unless you're also using DMARC; it will weaken your SPF settings unnecessarily. Solve the exact problem, don't just give up!
0
 
LVL 16

Expert Comment

by:max_the_king
ID: 41804743
you may want to read this:

http://www.openspf.org/SPF_Record_Syntax

max
0
 

Author Closing Comment

by:Stev0W
ID: 41804879
Thanks. Moved the record around as suggested and drooped the ptr entry. Seems to be working fine.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In-place Upgrading Dirsync to Azure AD Connect
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question