Tuesday 4 November 2008

SBS - Client e-mail needs an SPF for SMTP outbound

Whenever we setup a new client, whether they run with a Reputation Services Provider or not, we always have the client's ISP or DNS hosting company setup an SPF record for their e-mail domain or domains.

What is an SPF Record you may ask?

It stands for Sender Policy Framework. It allows e-mail to be transmitted with a different return e-mail address stamp than the network it is being transmitted from.

For example, our @mpecsinc.ca domain has an SPF in place to allow our domain @mpecsinc.ca e-mail to be transmitted from either Nucleus or Interbaun's networks since our e-mail servers reside on both ISP's networks.

Without an SPF in place, some spam filters out there will drop e-mail with a return e-mail address that is not associated with the network it is transmitted from. In many cases, the e-mail servers or reputation services providers will not provide an NDR either. This means that the e-mail will essentially disappear.

Microsoft actually has a wizard for you to use to generate the correct SPF to give to the Internet DNS hosting provider:

Microsoft SPF Wizard

Punch in our own domain mpecsinc.ca and we get:

MPECSInc.ca Domain SPF

Note that our Internet DNS already has the SPF records in place. Continue on in the wizard and we will be asked questions to make changes to the above SPF settings. The final step is the SPF generation itself which will coincide with our current setup.

Once you have those settings in hand, an e-mail to the Internet DNS host will get that record in place.

The link: Microsoft SPF Tool.

This is one more little way we need to be aware of the way e-mail is handled. Being aware of the need for an SPF record is one less thing to look for when troubleshooting e-mail transmission problems.

Need a quick way to test your client's DNS setup? Check this tool out: Men&Mice DoDig. You need to know the ISP's DNS server, the domain name you are researching, and select the ANY option to get the full DNS setup report. This tool is very handy when in a pinch and trying to diagnose Internet facing DNS issues.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.


stryqx said...

OpenSPF is also a good reference for Sender Policy Framework, as well as providing an SPF record generator.

DNSstuff and CheckDNS.net are also useful for checking DNS resources, and robtex is great for bulk checking RBL lists for domains.

Philip Elder Cluster MVP said...


Thanks for that!

Yes, we subscribe to DNSStuff ... something like a three year subscription IIRC.

The CheckDNS.net link does not seem to be live though its pages show up in search engines.

We will look into robtex a bit more ... it looks really interesting.