t.lesh

random uselessness... most of the time.

May 7

Sender Policy Framework confusion…

So, I think I’ve finally got SPF figured out after going through the reference material at http://www.openspf.org/SPF_Record_Syntax.  I needed to use SPF to further assist our GFI MailEssentials installation tag SPAM.  Here is the TXT DNS record that I added to our public DNS server:

v=spf1 ip4:xx.xx.x.192/26 mx a:sub.domain.com mx:sub.domain.com -all

Check the SPF Record Syntax page above, but I’ll just briefly explain each mechanism. You must begin the record with “v=spf1”. Next I listed “ip4:xx.xx.x.192/26” so that any mail that originates from any server in xx.xx.x.193 to xx.xx.x.254 is valid. I then added the “mx” mechanism, and I probably don’t need to because that is probably covered in the ip4 mechanism, but that says that any mail coming from the listed MX servers in DNS is valid. I then added the subdomain “a:sub.domain.com mx:sub.domain.com” so that mail from “sender@sub.domain.com” would be valid. Lastly, the “-all” mechanism says that if none of these mechanisms match when doing the SPF lookup, the email fails the check.

Now, since we run Exchange 2003 and I control the domain.com domain locally through MS DNS, I also added a TXT record to these internal records: “v=spf1 ip4:192.168.10.0/24 ip4:192.168.20.0/24 mx -all”
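The left-to-right, first-match evaluation described above, as an added example that is not part of the original post. It handles only the ip4, a, mx and all mechanisms; the DNS tables, the host names mail.domain.com and mx.sub.domain.com, and the 203.0.113.x / 198.51.100.x addresses are constructed stand-ins for the masked values and for live DNS lookups.

```python
import ipaddress

# Constructed DNS data (documentation address ranges), replacing real lookups.
DNS_A = {
    "mail.domain.com": ["203.0.113.200"],
    "sub.domain.com": ["198.51.100.10"],
    "mx.sub.domain.com": ["198.51.100.25"],
}
DNS_MX = {
    "domain.com": ["mail.domain.com"],
    "sub.domain.com": ["mx.sub.domain.com"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The two records from the post, with constructed addresses for the public one.
PUBLIC = "v=spf1 ip4:203.0.113.192/26 mx a:sub.domain.com mx:sub.domain.com -all"
INTERNAL = "v=spf1 ip4:192.168.10.0/24 ip4:192.168.20.0/24 mx -all"

def check_spf(record, sender_ip, domain):
    """Return (result, matching term); mechanisms are tried in record order."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    for raw in terms[1:]:
        qualifier, term = "+", raw          # no prefix means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                   # always matches, so it goes last
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":                   # no argument means the sender's domain
            matched = str(ip) in DNS_A.get(arg or domain, [])
        elif name == "mx":
            hosts = DNS_MX.get(arg or domain, [])
            matched = any(str(ip) in DNS_A.get(h, []) for h in hosts)
        else:                               # simplification: anything else is an error
            return ("permerror", raw)
        if matched:
            return (QUALIFIERS[qualifier], raw)
    return ("neutral", None)                # nothing matched and no "all" term

if __name__ == "__main__":
    for ip in ("203.0.113.200", "198.51.100.25", "203.0.113.10"):
        print(ip, check_spf(PUBLIC, ip, "domain.com"))
```

The MX host 203.0.113.200 passes on the ip4 term before "mx" is ever consulted, which is the redundancy the post suspects.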