SPF record setup for tpg.com.au

Hi
I have AAPT/TPG internet in the office and use office 365 for email.
I have a third party software that does not seems to work with office365 SMTP server so I have to send through the mail.tpg.com.au server
Some of the client report that they don't receive our email from that software as it's been rejected.
I believe I need to add the mail.tpg.com.au to the SPF record.
Just need some advice if this right?
v=spf1 include:spf.protection.outlook.com ptr:mail.tpg.com.au -all

I've ask TPG for smtp IP but they keep changing as it's constantly being blacklisted so I need to use FQDN

Any advice much appreciated.
jason wAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
Don't use -all if your ip changes, -all means strict and those who follow will reject when if the SPF rule does not match.
With a dynamic IP, you might be better to use dkim.
You do not need to use your ISP ip since all your outgoing message should be sent through outlook.office365.com
I.e. SMTP outgoing mail server outlook.office365.com or mail/SMTP.office365.com as applicable with authentication.

The SPF record entry for your ip is only needed if you have an internal mail server running that will be directly delivering messages from your domain
depending on your internal mail server, you could configure it to relay through office365.
If you mail. Is listed as an MX you could use it? Or use A:

SPF.org has a tool that you can test your criteria.
jason wAuthor Commented:
Hi
Thanks for getting back so quickly,

I did try to setup using office365 but it keeps dropping off, sometimes it sent and sometimes don't, I have to restart the server to make it work again but the worst part I don't know until my client inform me they didn't receive the email, can't trust it.
I range the software vendor and they recommend to upgrade but it's $60k-$80k so boss is reluctent, they say it's best with internal mailserver or pop3/imap server.

The only issue we're getting is, for some client email gets block, they don't recieve it but if I sent the same email from my outlook via the office365 server they will receive it. which make me think it's a spf issue.

What do you think?
arnoldCommented:
seems spf.org is now a Chinese site.
http://www.openspf.org/ It includes tools that you can use to test.
Your issue is that your IP changes,
You are using PTR, but since it changes, I do not believe it will ever match the mail.tpg.com.au since often a setup for a large organization, mail.tpg.com.au is the doorway to many backend servers. When those servers send out

if you are relaying through mail.tpg.com.au and they do not reject/block your SPF should look as follows:
v=spf1 include:spf.protection.outlook.com include:tpg.com.au -all
if you know the range of IPs that you get, you can add them as an IP:x.x.x.x/24 to the record

This should cover you and any changes they make to tpg.com.au or tpgi.com.au will be accepted for your domain......
Please see the spf framework reference posted here not prior. when you use -all in the spf record, you direct all to reject messages that do not originate from authorized you could use less stringent ~all which may categorize the message as junk.spam but will be accepted and delivered to the user. you could use ?all but in either case spammers using your domain in the sender email address will ......
MaheshArchitectCommented:
you can use "include:tpg.com.au" only if this smtp service have its own SPF record
1st check any one successful message header sent by SMTP service and find out what hostname and IP they are using to send out email (Check "Received from)
if IPs keep changing, all IPs returned must resolve to single ptr entry (smtp.example.com)
OR
you could use a:smtp.example.com where any returned IP must resolve to smtp.example.com
jason wAuthor Commented:
Thanks guys, I am going to just use the include: and see how it goes.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.