08-31-2018 08:28 AM
Hi,
Since SPF checking both helo host in the header and domain of the email sender what should SPF record reflect.
Do I create SPF record for helo host like mail1.example.com or for entire email domain (user@example.com) so for example.com
How can I make both verifications work.
mail1.example.com IN TXT "v=spf1 mx a ip4:10.10.10.10 -all"
or
example.com. IN TXT "v=spf1 mx a ip4:10.10.10.10 -all"
Thanks
08-31-2018 08:51 AM - edited 08-31-2018 08:52 AM
Your misunderstanding the concept of SPF...
When a mail server receives an E-mail it performs a lookup on the domain to determine whether the message was sent from an authorized source.
Going from your example, it would appear your mail server sends mail directly, so you need to publish a record in DNS with the public IP address of your mail server.
You have one SPF record per domain, which includes all authorized sources.
Martin
08-31-2018 09:04 AM - edited 08-31-2018 09:25 AM
my current record was set up for hostname.example.com a long time ago by someone who is no longer here.
I was reviewing the settings.
So i'm just trying to figure out if I should keep hostname.example.com or switch to example.com
so basically it matches hostname that is set on ironprot but another issue is that there is no PTR for IP
Essentially how everything is set up is there is MX record for example.com for incoming emails on 1 public IP( resolves to hostname.example.com) and outgoing email from IronPorts NATs to diff public IP(but interface on IronPort is also set to hostname.example.com).
I'm guessing I cant reuse PTR for hostname.example.com and I probably have to create hostname2 PTR, change hostname on IronPorts to hostname2 and change spf to hostname2 to make it work
I don't see how I can re-use hostname record for incoming and outgoing
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide