Re: SPF record

Toolshedr6 · ‎08-31-2018

Hi,

Since SPF checking both helo host in the header and domain of the email sender what should SPF record reflect.

Do I create SPF record for helo host like mail1.example.com or for entire email domain (user@example.com) so for example.com

How can I make both verifications work.

mail1.example.com IN TXT "v=spf1 mx a ip4:10.10.10.10 -all"

or

example.com. IN TXT "v=spf1 mx a ip4:10.10.10.10 -all"

Thanks

Martin Carr · ‎08-31-2018

Your misunderstanding the concept of SPF...

When a mail server receives an E-mail it performs a lookup on the domain to determine whether the message was sent from an authorized source.

Going from your example, it would appear your mail server sends mail directly, so you need to publish a record in DNS with the public IP address of your mail server.

You have one SPF record per domain, which includes all authorized sources.

Martin

Toolshedr6 · ‎08-31-2018

my current record was set up for hostname.example.com a long time ago by someone who is no longer here.

I was reviewing the settings.

So i'm just trying to figure out if I should keep hostname.example.com or switch to example.com

so basically it matches hostname that is set on ironprot but another issue is that there is no PTR for IP

Essentially how everything is set up is there is MX record for example.com for incoming emails on 1 public IP( resolves to hostname.example.com) and outgoing email from IronPorts NATs to diff public IP(but interface on IronPort is also set to hostname.example.com).

I'm guessing I cant reuse PTR for hostname.example.com and I probably have to create hostname2 PTR, change hostname on IronPorts to hostname2 and change spf to hostname2 to make it work

I don't see how I can re-use hostname record for incoming and outgoing