Michael Green
asked on
How do I set up Sender Pollicy Framework ( SPF) for email domains hosted on Microsoft Exchange 2016 ?
Hi,
My customer has several different email domains hosted on an in-house Microsoft Exchange 2016 server.
How do I set up Sender Policy Framework (SPF) for these domains ?
Note:
- Exchange is 2016CU16 on Windows 2012 Server
- The domains DNS zones are hosted with several different registrars
My customer has several different email domains hosted on an in-house Microsoft Exchange 2016 server.
How do I set up Sender Policy Framework (SPF) for these domains ?
Note:
- Exchange is 2016CU16 on Windows 2012 Server
- The domains DNS zones are hosted with several different registrars
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
If you're using in-house MTAs, then your SPF record in your DNS zone file will have ipv4:X.X.X.X entries.
Here's an example zone file snippet describing an SPF record authorizing various sending IPs...
For in-house MTAs, you'll likely use ipv4 nomenclature or create your own SPF include block.
Here's an example zone file snippet describing an SPF record authorizing various sending IPs...
@ IN TXT ("v=spf1"
" ip4:136.49.241.94" ; GoogleFiber residential connection
" ip4:198.27.112.72/30" ; net14 IP block - catcher + smtp[1234]
" include:mailgun.org" ; Mailgun Published Netblock
" -all")
For in-house MTAs, you'll likely use ipv4 nomenclature or create your own SPF include block.
ASKER
@David Favor I'm confused. Why do I have to use IP addresses rather than the host names I had in my SPF record ? I actually used the wizard to generate this !
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- 'Udara Peiris' (https:#a43082549)
-- 'David Favor' (https:#a43082573)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- 'Udara Peiris' (https:#a43082549)
-- 'David Favor' (https:#a43082573)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
ASKER
"v=spf1 mx a a:in.hes.trendmicro.com a:mail.mydomain.com a:mail.internode.on.net a:mailgun.org include:mailgun.org -all"
Servers that could be validly sending emails from @mydomain.com
in.hes.trendmicro.com (Trend Micro Hosted Email Security (HES) inbound anti-virus mail server (scans all incoming email)
mail.mydomain.com (my on-premise Microsoft Exchange server)
mail.internode.on.net (my ISP – for some on premise hardware devices that generate SMTP notification emails)
mailgun.org (for email generated from my externally hosted web site)
However when I test on :
https://mxtoolbox.com/SuperTool.aspx
using the MX Record lookups
It says SPF is now correctly setup BUT :
How do I setup DMARC as well ?