Solved

Creating a correct SPF record

Posted on 2016-10-06
4
114 Views
Last Modified: 2016-10-10
Hi, i want to create an SPF record but:
- My hosting provider hasn't an SPF area, but only TXT area

- Surfing the web i can find a lot of info or best practices, but i don't know which follow ("don't use INCLUDEmechanism, if you use A mechanism you have to first create a dns A record, don't write more of 405 char, don't use ~ALL because it cause SOFT FAIL.....and so on)

- we send mail with two different SMTP Authenticad server, external to our network. Only in case of trouble, directly with our MX record

- trying to validate my txt spf record here:
http://www.kitterman.com/spf/validate.html
i receive Ok but with a warning a can't understand:
Results - record processed without error.
The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No MX records found for mx mechanism: example.com


- this is record i created:
v=spf1 mx include:_smtpsvc.xxxxxxxxxx.com include:_spf.yyyyyyyyyyyy -all

Please help me creating a correct and validate record for my domain, and clear me benefits of making it.
Really thanks, sorry for my english, ask me for details

Mattia
0
Comment
Question by:Mattia Minervini
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 16

Assisted Solution

by:Todd Nelson
Todd Nelson earned 200 total points
ID: 41832253
An SPF record is merely a TXT record with a leading "v=spf1" on the record.  That defines it as an SPF record.

This is what a typical SPF record looks like for a customer with O365 currently configured in a hybrid...

v=spf1 include:spf.protection.outlook.com mx ip4:1.2.3.4 -all

v=spf1 ip4:2.3.4.5 ip4:3.4.5.6 ip4:4.5.6.7 ip4:5.6.7.8 a -all

This specific "include" is for mail that comes directly from O365 ... could be another hosted spam filter too.

The "mx" and "a" used to check the validity of mail sent against the IP addresses you have defined by your MX and A records.

The "ip4" is a check to valid additional IP addresses mail might come from that are not associated with your MX or A records (which could be a hosted spam filter or the like).

You should not need an underscore unless that is how your hosted spam filter wants it configured.
0
 
LVL 10

Accepted Solution

by:
Vince Glisson earned 300 total points
ID: 41832307
use this to create your spf
http://www.spfwizard.net

use this to test it
http://mxtoolbox.com/spf.aspx

way more info than you probably want it here
http://www.openspf.org
1
 
LVL 5

Expert Comment

by:Mdlinnett
ID: 41832575
@Todd,  I've seen the underscore used before.  When mail goes via a 3rd party (smart host, cloud security), there are so many servers and IPs that can change, they house a list which the record beginning with an underscore points to.

This means the provider updates the list once and in one place only if a change is made to their infrastructure.

Another useful tool is http://www.mail-tester.com
0
 

Author Closing Comment

by:Mattia Minervini
ID: 41836446
Positive contribute. record SPF is up and running
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question