Solved

Creating a correct SPF record

Posted on 2016-10-06
4
52 Views
Last Modified: 2016-10-10
Hi, i want to create an SPF record but:
- My hosting provider hasn't an SPF area, but only TXT area

- Surfing the web i can find a lot of info or best practices, but i don't know which follow ("don't use INCLUDEmechanism, if you use A mechanism you have to first create a dns A record, don't write more of 405 char, don't use ~ALL because it cause SOFT FAIL.....and so on)

- we send mail with two different SMTP Authenticad server, external to our network. Only in case of trouble, directly with our MX record

- trying to validate my txt spf record here:
http://www.kitterman.com/spf/validate.html
i receive Ok but with a warning a can't understand:
Results - record processed without error.
The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No MX records found for mx mechanism: example.com


- this is record i created:
v=spf1 mx include:_smtpsvc.xxxxxxxxxx.com include:_spf.yyyyyyyyyyyy -all

Please help me creating a correct and validate record for my domain, and clear me benefits of making it.
Really thanks, sorry for my english, ask me for details

Mattia
0
Comment
Question by:Mattia Minervini
4 Comments
 
LVL 14

Assisted Solution

by:Todd Nelson
Todd Nelson earned 200 total points
ID: 41832253
An SPF record is merely a TXT record with a leading "v=spf1" on the record.  That defines it as an SPF record.

This is what a typical SPF record looks like for a customer with O365 currently configured in a hybrid...

v=spf1 include:spf.protection.outlook.com mx ip4:1.2.3.4 -all

v=spf1 ip4:2.3.4.5 ip4:3.4.5.6 ip4:4.5.6.7 ip4:5.6.7.8 a -all

This specific "include" is for mail that comes directly from O365 ... could be another hosted spam filter too.

The "mx" and "a" used to check the validity of mail sent against the IP addresses you have defined by your MX and A records.

The "ip4" is a check to valid additional IP addresses mail might come from that are not associated with your MX or A records (which could be a hosted spam filter or the like).

You should not need an underscore unless that is how your hosted spam filter wants it configured.
0
 
LVL 10

Accepted Solution

by:
Vince Glisson earned 300 total points
ID: 41832307
use this to create your spf
http://www.spfwizard.net

use this to test it
http://mxtoolbox.com/spf.aspx

way more info than you probably want it here
http://www.openspf.org
1
 
LVL 5

Expert Comment

by:Mdlinnett
ID: 41832575
@Todd,  I've seen the underscore used before.  When mail goes via a 3rd party (smart host, cloud security), there are so many servers and IPs that can change, they house a list which the record beginning with an underscore points to.

This means the provider updates the list once and in one place only if a change is made to their infrastructure.

Another useful tool is http://www.mail-tester.com
0
 

Author Closing Comment

by:Mattia Minervini
ID: 41836446
Positive contribute. record SPF is up and running
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now