SPF Record

  • Thread starter Thread starter peterbienek
  • Start date Start date
P

peterbienek

Hi all,

I have setup an SPF record on our w2k server by inserting a TXT record
(using MMC and following the procedure described at
http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx).

When I do a test (http://www.dnsstuff.com/pages/spf.htm), it seems that
the record cannot be found, I get an "Error: I could not get the SPF
string..."

Is there a timelag between setting up a the record on MMX and showing
up on the internet or could this be a firewall issue (there's an
ISA-server).

Thanks for any hint,
Peter
 
I have setup an SPF record on our w2k server by inserting a TXT record
(using MMC and following the procedure described at
http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx).

When I do a test (http://www.dnsstuff.com/pages/spf.htm), it seems that
the record cannot be found, I get an "Error: I could not get the SPF
string..."
Click to expand...

Give us the DNS name of the record so that we can look at it.

I am now an "expert" on SPF records -- this means that I have
recently made practically every mistake that CAN be made in
creating or editing them.

I also have a fairly sophisticated (you might call it FUNKY)
outbound email system so it also required me to learn most
of the keyword "Mechanisms".
Is there a timelag between setting up a the record on MMX and showing
up on the internet or could this be a firewall issue (there's an
ISA-server).
Click to expand...

You record should be immediately available from the Primary
DNS server where you set it -- it should be available on the
secondary servers for that zone in a reasonable time but that is
up to you to setup and determine.

What is your DNS server?

Also remember this has to be placed on a PUBLICLY available
DNS just like your WWW or SMTP-MX records are placed.

Then there is TTL (time to live) if you have an existing record
AND then later change it, some servers may be cachine the old
version of the record until TTL expires.

We need the domain name to check it. You can also post it, but
really we need to see it is available publicly and can view it
that way.

Also we need to know which email servers can send mail on
your behalf -- every one, no matter how obscure.

(For instance, I had to find a safe way to authorize certain
Roadrunner Mail server WITHOUT allowing every dial-up
or cable client to do that as well. It isn't hard but you have
to find the correct child zones or server to specify, or find the
SPF for that "other zone" to include/redirect.)
 
Back
Top