Creating a correct SPF record

Hi, i want to create an SPF record but:
- My hosting provider hasn't an SPF area, but only TXT area

- Surfing the web i can find a lot of info or best practices, but i don't know which follow ("don't use INCLUDEmechanism, if you use A mechanism you have to first create a dns A record, don't write more of 405 char, don't use ~ALL because it cause SOFT FAIL.....and so on)

- we send mail with two different SMTP Authenticad server, external to our network. Only in case of trouble, directly with our MX record

- trying to validate my txt spf record here:
http://www.kitterman.com/spf/validate.html
i receive Ok but with a warning a can't understand:
Results - record processed without error.
The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No MX records found for mx mechanism: example.com


- this is record i created:
v=spf1 mx include:_smtpsvc.xxxxxxxxxx.com include:_spf.yyyyyyyyyyyy -all

Please help me creating a correct and validate record for my domain, and clear me benefits of making it.
Really thanks, sorry for my english, ask me for details

Mattia
Mattia MinerviniAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Vince GlissonConnect With a Mentor OwnerCommented:
use this to create your spf
http://www.spfwizard.net

use this to test it
http://mxtoolbox.com/spf.aspx

way more info than you probably want it here
http://www.openspf.org
1
 
Todd NelsonConnect With a Mentor Systems EngineerCommented:
An SPF record is merely a TXT record with a leading "v=spf1" on the record.  That defines it as an SPF record.

This is what a typical SPF record looks like for a customer with O365 currently configured in a hybrid...

v=spf1 include:spf.protection.outlook.com mx ip4:1.2.3.4 -all

v=spf1 ip4:2.3.4.5 ip4:3.4.5.6 ip4:4.5.6.7 ip4:5.6.7.8 a -all

This specific "include" is for mail that comes directly from O365 ... could be another hosted spam filter too.

The "mx" and "a" used to check the validity of mail sent against the IP addresses you have defined by your MX and A records.

The "ip4" is a check to valid additional IP addresses mail might come from that are not associated with your MX or A records (which could be a hosted spam filter or the like).

You should not need an underscore unless that is how your hosted spam filter wants it configured.
0
 
MdlinnettCommented:
@Todd,  I've seen the underscore used before.  When mail goes via a 3rd party (smart host, cloud security), there are so many servers and IPs that can change, they house a list which the record beginning with an underscore points to.

This means the provider updates the list once and in one place only if a change is made to their infrastructure.

Another useful tool is http://www.mail-tester.com
0
 
Mattia MinerviniAuthor Commented:
Positive contribute. record SPF is up and running
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.