Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Creating a correct SPF record

Posted on 2016-10-06
4
Medium Priority
?
131 Views
Last Modified: 2016-10-10
Hi, i want to create an SPF record but:
- My hosting provider hasn't an SPF area, but only TXT area

- Surfing the web i can find a lot of info or best practices, but i don't know which follow ("don't use INCLUDEmechanism, if you use A mechanism you have to first create a dns A record, don't write more of 405 char, don't use ~ALL because it cause SOFT FAIL.....and so on)

- we send mail with two different SMTP Authenticad server, external to our network. Only in case of trouble, directly with our MX record

- trying to validate my txt spf record here:
http://www.kitterman.com/spf/validate.html
i receive Ok but with a warning a can't understand:
Results - record processed without error.
The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No MX records found for mx mechanism: example.com


- this is record i created:
v=spf1 mx include:_smtpsvc.xxxxxxxxxx.com include:_spf.yyyyyyyyyyyy -all

Please help me creating a correct and validate record for my domain, and clear me benefits of making it.
Really thanks, sorry for my english, ask me for details

Mattia
0
Comment
Question by:Mattia Minervini
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 16

Assisted Solution

by:Todd Nelson
Todd Nelson earned 800 total points
ID: 41832253
An SPF record is merely a TXT record with a leading "v=spf1" on the record.  That defines it as an SPF record.

This is what a typical SPF record looks like for a customer with O365 currently configured in a hybrid...

v=spf1 include:spf.protection.outlook.com mx ip4:1.2.3.4 -all

v=spf1 ip4:2.3.4.5 ip4:3.4.5.6 ip4:4.5.6.7 ip4:5.6.7.8 a -all

This specific "include" is for mail that comes directly from O365 ... could be another hosted spam filter too.

The "mx" and "a" used to check the validity of mail sent against the IP addresses you have defined by your MX and A records.

The "ip4" is a check to valid additional IP addresses mail might come from that are not associated with your MX or A records (which could be a hosted spam filter or the like).

You should not need an underscore unless that is how your hosted spam filter wants it configured.
0
 
LVL 10

Accepted Solution

by:
Vince Glisson earned 1200 total points
ID: 41832307
use this to create your spf
http://www.spfwizard.net

use this to test it
http://mxtoolbox.com/spf.aspx

way more info than you probably want it here
http://www.openspf.org
1
 
LVL 5

Expert Comment

by:Mdlinnett
ID: 41832575
@Todd,  I've seen the underscore used before.  When mail goes via a 3rd party (smart host, cloud security), there are so many servers and IPs that can change, they house a list which the record beginning with an underscore points to.

This means the provider updates the list once and in one place only if a change is made to their infrastructure.

Another useful tool is http://www.mail-tester.com
0
 

Author Closing Comment

by:Mattia Minervini
ID: 41836446
Positive contribute. record SPF is up and running
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question