How to set up a proper mail server SPF TXT record with Bind (named) DNS server
I recently found out that some of the SPF records I use for mail
servers I administer were considered incorrect by Microsoft's mail
servers for hotmail.com, msn.net and live.com.
The SPF records I had used so far were probably considered incorrect
by other mail account service providers as well.
As a consequence of these SPF records being considered wrong,
Microsoft's mail servers were either rejecting messages from my mail
server or putting the received messages in the Junk folder.
The SPF records which were shown as incorrect by Microsoft's SPF
checking mechanism, called the SenderID SPF Record Wizard, were
defined in my bind DNS domain zone file as follows:
mydomainname.com. IN TXT "v=spf1 mx ip4:123.124.128.125 ~all"
With this TXT SPF record DNS configuration, Microsoft's Sender ID SPF
Record Wizard claimed I had no SPF records at all, i.e. checking with
the wizard returned the error:
No SPF Record Found
Microsoft's Sender ID Framework SPF Record Wizard is available at
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/.
Therefore, if you're having difficulties delivering email messages
to Microsoft mail domain names or to some other major mail providers
like Yahoo, it's very likely that you have a misconfigured SPF
record, just like me.
To deal with the situation I had to change my SPF record to the
simple:
"v=spf1 a -all"
The complete TXT record which needs to be placed in the zone file
of your domain name looks like this:
mydomainname.com. IN TXT "v=spf1 a -all"
The meaning of this TXT SPF record is that the IP address in
the "A" record for the name is the only IP address that's allowed
to send mail using that server's name.
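To see what the two records above actually authorize, here is a small offline SPF evaluator, added as an example (it is not from the original post or from any SPF library). It handles only the a, mx, ip4 and all mechanisms, and the DNS data with its 192.0.2.x addresses is constructed for illustration.

```python
import ipaddress

# Constructed DNS data for this example (documentation addresses, not real hosts).
DNS = {
    "A": {"mydomainname.com": ["192.0.2.10"], "mail.mydomainname.com": ["192.0.2.25"]},
    "MX": {"mydomainname.com": ["mail.mydomainname.com"]},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1")
    parsed = []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"  # default is pass
        body = term[1:] if term[0] in RESULTS else term
        name, _, arg = body.partition(":")
        parsed.append((qualifier, name.lower(), arg))
    return parsed

def matches(name, arg, domain, ip):
    """Return True when the sender IP matches one mechanism."""
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if name == "a":
        hosts = [arg or domain]
    elif name == "mx":
        hosts = DNS["MX"].get(arg or domain, [])
    else:
        raise ValueError(f"mechanism not handled in this sketch: {name}")
    return any(ip == ipaddress.ip_address(a) for h in hosts for a in DNS["A"].get(h, []))

def check_host(record, domain, sender_ip):
    """Evaluate mechanisms left to right; the first match decides the result."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, arg in parse_spf(record):
        if matches(name, arg, domain, ip):
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched

OLD = "v=spf1 mx ip4:123.124.128.125 ~all"  # first record from the post
NEW = "v=spf1 a -all"                       # record the post switches to

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.25", "123.124.128.125", "198.51.100.7"):
        print(addr, check_host(OLD, "mydomainname.com", addr), check_host(NEW, "mydomainname.com", addr))
```

With these constructed addresses, a host that is listed only in MX or ip4 passes under the first record but gets a hard fail under "v=spf1 a -all". Make sure every server that sends mail for the domain is covered by the A record before publishing -all.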
After that change, if your mails were automatically ending up in the
Junk filter / mail folder with msn.com, hotmail.com, live.com or
yahoo.com, the problem should hopefully be solved immediately.
Checking again with the Microsoft SenderID online tool, I got output
saying that my SPF record is correct, as you can read below in the
output that popped up from Microsoft's page:
Sender ID Framework SPF Record Wizard
Step 2 of 4: Display Published DNS Records
The wizard has checked DNS for information about prize.bg
including: SPF, MX and A records. This information is displayed
below.
If an SPF record was found, you can verify its contents here and
use the remaining steps of this wizard to modify the record if
necessary. If no SPF record was found, you can use information from
the domain's MX and A records to create a new SPF record.
Click Next to continue.
SPF Record Found
One or more functional SPF record(s) have been found for the domain
mydomain.com
The full text of the domain's SPF record is as follows.
v=spf1 a -all
Another tool which helped me a lot in debugging problems with my
SPF records is available at
http://www.kitterman.com/spf/validate.html so it might be wise
to use it as well to check that your SPF records are correct.