SPF Record



#1
jaxisland

jaxisland

    Member 1K

  • Member
  • 1,703 posts
I am looking for info/advice on setting up an SPF record on my Exchange 2003 server.

If anyone has done this before I would appreciate any advice.

Thanks
  • 0



#2
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
WOOOHOOO i get to help again!! i HAVE set one up that works for my domain... go to http://openspf.org/ they have some great tools but in a nutshell you put a txt record in your DNS (this is the DNS that everyone else in the world sees...so..your external DNS not internal...if you've got external) mine looks like this
"v=spf1 mx a:<A record for my OWA> -all"
as a breakdown
v=spf1 tells it what version of spf to use
MX says that anything listed as MX for my domain should be allowed
A: is to allow any A (host) records that you have in DNS to be allowed as well (such as a secondary mail server that's not in MX..)
-all means that it's a "hardfail" basically meaning anything that's not listed as an MX record or my specific A record (mentioned in the spf record) is automatically deemed nongenuine... you can use ?all to make this a softfail which will say "i'm pretty sure that this isn't genuine...but i'll let the recipient decide" ~all does something...but i can't remember what... the most effective is the -all because with the other options...the mail still goes through...so it's pretty ineffective.

you can also designate other domain's MX records to be relays with extra MX entries (such as MX:<myothercompany.com>)
  • 0

#3
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
it should also be noted...that not a lot of people are using spf at the moment (except for spammers) so right now this is kind of a CYA kind of deal and will at least give you a venue for proving that the mail didn't really come from you if something does get spoofed
  • 0

#4
jaxisland

jaxisland

    Member 1K

  • Topic Starter
  • Member
  • 1,703 posts
"v=spf1 mx ~all"


That is what spf.org spit out for me. I have one exchange server and two dns servers. BUT our domainname.com is hosted out of house by a third party with their own dns servers.

Would that code cover me so that just the people in my dns can send?

My knowledge starts to get thin around this area, so I appreciate the help.

Thanks
  • 0

#5
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
well...here's a rundown on spf and how it works...as far as your internal network goes (for sending mail)...it does squat...but when you send mail out to someone who checks spf records (not that many at the moment) their mail system will do an extra dns query to check the spf record...if the mail they receive...has your domain name on it...but the ip doesn't match the spf record in dns...the mail will get rejected...

i would suggest changing the ~ to - (there is a difference)...and the record needs to be added to the same DNS that controls your MX record...

i.e. i use at&t for my t1...they manage my DNS info (i've got internal dns servers as well...but that's for internal stuff)...i've got a management portal with at&t MIS that lets me modify my own dns records...
so basically wherever your MX record is being hosted...is where you need to put the spf record...so if this outside company that's hosting your domain name...also has your MX record...then that's where you need to put the SPF record
  • 0
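Added example, not part of any post in this thread: a minimal Python sketch of the check a receiving mail server performs, run over the record forms quoted above (`v=spf1 mx -all`, `v=spf1 mx ~all` and the `a:` form) against constructed DNS data. The `example.com` names, the addresses and the `check_spf` helper are assumptions for illustration; the qualifier result names follow RFC 7208.

```python
import ipaddress

# Constructed DNS data using documentation names/addresses (not from the thread).
ZONE = {
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.10"],
    ("owa.example.com", "A"): ["192.0.2.20"],
}

# Qualifier prefix -> result name, as defined in RFC 7208.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def host_ips(names):
    """Resolve host names to addresses using the constructed ZONE table."""
    return {ipaddress.ip_address(a) for n in names for a in ZONE.get((n, "A"), [])}


def check_spf(record, domain, sender_ip):
    """Evaluate the mx, a and all mechanisms left to right; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        target = (arg or domain).lower()
        if name.lower() == "all":
            matched = True
        elif name.lower() == "mx":
            matched = ip in host_ips(ZONE.get((target, "MX"), []))
        elif name.lower() == "a":
            matched = ip in host_ips([target])
        else:
            raise NotImplementedError(f"mechanism not covered by this sketch: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for rec in ("v=spf1 mx -all", "v=spf1 mx ~all", "v=spf1 mx a:owa.example.com -all"):
        for ip in ("192.0.2.10", "192.0.2.20", "203.0.113.5"):
            print(f"{rec!r:40} {ip:13} -> {check_spf(rec, 'example.com', ip)}")
```

With `v=spf1 mx -all`, a host that sends mail but is not listed as an MX (here the constructed `owa.example.com`) gets `fail`, which is why the `a:` term is needed for any extra outbound server.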

#6
jaxisland

jaxisland

    Member 1K

  • Topic Starter
  • Member
  • 1,703 posts
I have my MX record on my server in house here.

I will add it to that dns server. Will this cause major problems if it's not done correctly?
  • 0

#7
jaxisland

jaxisland

    Member 1K

  • Topic Starter
  • Member
  • 1,703 posts
I added it, but now how do I know it's working and not causing problems?

I used:

v=spf1 mx -all

Thanks

FYI- DNSreports.com still says I don't have an SPF record?

Any ideas?

Edited by jaxisland, 02 October 2006 - 11:41 AM.

  • 0

#8
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
it won't cause any issues if it's done correctly...unless you're sending mail out to someone who checks SPF records...but the record you posted shouldn't cause any issues because all it's saying is "if the mail didn't come from this domain's MX record...don't accept it"...if you like...you could pm me an email address on the domain and i can try to spoof an email
  • 0

#9
jaxisland

jaxisland

    Member 1K

  • Topic Starter
  • Member
  • 1,703 posts
I sent you a PM.

Thanks
  • 0

#10
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
sent one back...hehe..
  • 0

#11
jaxisland

jaxisland

    Member 1K

  • Topic Starter
  • Member
  • 1,703 posts
There is something going on with the people who host our website, so I am contacting them to look into this some more.

Thanks
  • 0





