jason w
asked on
SPF record setup for tpg.com.au
Hi
I have AAPT/TPG internet in the office and use office 365 for email.
I have a third party software that does not seems to work with office365 SMTP server so I have to send through the mail.tpg.com.au server
Some of the client report that they don't receive our email from that software as it's been rejected.
I believe I need to add the mail.tpg.com.au to the SPF record.
Just need some advice if this right?
v=spf1 include:spf.protection.out
I've ask TPG for smtp IP but they keep changing as it's constantly being blacklisted so I need to use FQDN
Any advice much appreciated.
I have AAPT/TPG internet in the office and use office 365 for email.
I have a third party software that does not seems to work with office365 SMTP server so I have to send through the mail.tpg.com.au server
Some of the client report that they don't receive our email from that software as it's been rejected.
I believe I need to add the mail.tpg.com.au to the SPF record.
Just need some advice if this right?
v=spf1 include:spf.protection.out
I've ask TPG for smtp IP but they keep changing as it's constantly being blacklisted so I need to use FQDN
Any advice much appreciated.
ASKER
Hi
Thanks for getting back so quickly,
I did try to setup using office365 but it keeps dropping off, sometimes it sent and sometimes don't, I have to restart the server to make it work again but the worst part I don't know until my client inform me they didn't receive the email, can't trust it.
I range the software vendor and they recommend to upgrade but it's $60k-$80k so boss is reluctent, they say it's best with internal mailserver or pop3/imap server.
The only issue we're getting is, for some client email gets block, they don't recieve it but if I sent the same email from my outlook via the office365 server they will receive it. which make me think it's a spf issue.
What do you think?
Thanks for getting back so quickly,
I did try to setup using office365 but it keeps dropping off, sometimes it sent and sometimes don't, I have to restart the server to make it work again but the worst part I don't know until my client inform me they didn't receive the email, can't trust it.
I range the software vendor and they recommend to upgrade but it's $60k-$80k so boss is reluctent, they say it's best with internal mailserver or pop3/imap server.
The only issue we're getting is, for some client email gets block, they don't recieve it but if I sent the same email from my outlook via the office365 server they will receive it. which make me think it's a spf issue.
What do you think?
seems spf.org is now a Chinese site.
http://www.openspf.org/ It includes tools that you can use to test.
Your issue is that your IP changes,
You are using PTR, but since it changes, I do not believe it will ever match the mail.tpg.com.au since often a setup for a large organization, mail.tpg.com.au is the doorway to many backend servers. When those servers send out
if you are relaying through mail.tpg.com.au and they do not reject/block your SPF should look as follows:
v=spf1 include:spf.protection.out
if you know the range of IPs that you get, you can add them as an IP:x.x.x.x/24 to the record
This should cover you and any changes they make to tpg.com.au or tpgi.com.au will be accepted for your domain......
Please see the spf framework reference posted here not prior. when you use -all in the spf record, you direct all to reject messages that do not originate from authorized you could use less stringent ~all which may categorize the message as junk.spam but will be accepted and delivered to the user. you could use ?all but in either case spammers using your domain in the sender email address will ......
http://www.openspf.org/ It includes tools that you can use to test.
Your issue is that your IP changes,
You are using PTR, but since it changes, I do not believe it will ever match the mail.tpg.com.au since often a setup for a large organization, mail.tpg.com.au is the doorway to many backend servers. When those servers send out
if you are relaying through mail.tpg.com.au and they do not reject/block your SPF should look as follows:
v=spf1 include:spf.protection.out
if you know the range of IPs that you get, you can add them as an IP:x.x.x.x/24 to the record
This should cover you and any changes they make to tpg.com.au or tpgi.com.au will be accepted for your domain......
Please see the spf framework reference posted here not prior. when you use -all in the spf record, you direct all to reject messages that do not originate from authorized you could use less stringent ~all which may categorize the message as junk.spam but will be accepted and delivered to the user. you could use ?all but in either case spammers using your domain in the sender email address will ......
you can use "include:tpg.com.au" only if this smtp service have its own SPF record
1st check any one successful message header sent by SMTP service and find out what hostname and IP they are using to send out email (Check "Received from)
if IPs keep changing, all IPs returned must resolve to single ptr entry (smtp.example.com)
OR
you could use a:smtp.example.com where any returned IP must resolve to smtp.example.com
1st check any one successful message header sent by SMTP service and find out what hostname and IP they are using to send out email (Check "Received from)
if IPs keep changing, all IPs returned must resolve to single ptr entry (smtp.example.com)
OR
you could use a:smtp.example.com where any returned IP must resolve to smtp.example.com
ASKER
Thanks guys, I am going to just use the include: and see how it goes.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
With a dynamic IP, you might be better to use dkim.
You do not need to use your ISP ip since all your outgoing message should be sent through outlook.office365.com
I.e. SMTP outgoing mail server outlook.office365.com or mail/SMTP.office365.com as applicable with authentication.
The SPF record entry for your ip is only needed if you have an internal mail server running that will be directly delivering messages from your domain
depending on your internal mail server, you could configure it to relay through office365.
If you mail. Is listed as an MX you could use it? Or use A:
SPF.org has a tool that you can test your criteria.