locked
SPF Sending\Recieving Server "behind" a firewall w\NAT

    Question

  • Hello everyone,

    i have question:  Which IP addresses should i use on my SPF record for sending\receiving e-Mail, should it be my ext. firewall IP address or the actual internal local IP address of my exchange server or both?

    i tend to think that it should only be my ext. ip addresses, because if i include the internal local ip address, this would defeat the purpose of NAT.

    any guidance is greatly appreciated!
    ra2833
    Friday, December 12, 2008 4:02 PM

Answers

  • SPF identifies the servers you allow to send external emails for your domain.

     You should specify the external IP(s) that foreign recipients see when receiving emails from you.

    Related reading: 
    Sender ID and SPF are about Anti-Spoofing
    http://www.exchangeinbox.com/article.aspx?i=38


    IMF Tune - Unleash the Full Intelligent Message Filter Power - http://www.windeveloper.com/imftune/
    • Marked as answer by Elvis Wei Monday, December 22, 2008 7:39 AM
    Monday, December 15, 2008 12:14 PM
  • Hi,

    If you add a record for the parent domain, leave the Record name box blank. If you do not add a record for the parent domain, type the single part name of the domain in the Record name box.

    How to configure Sender of Policy Framework records in the Windows Server 2003 Domain Name System
    http://support.microsoft.com/kb/912716

    Thanks,

    Elvis



     


    Elvis Wei
    • Marked as answer by Elvis Wei Monday, December 22, 2008 7:40 AM
    Tuesday, December 16, 2008 7:07 AM

All replies

  • SPF identifies the servers you allow to send external emails for your domain.

     You should specify the external IP(s) that foreign recipients see when receiving emails from you.

    Related reading: 
    Sender ID and SPF are about Anti-Spoofing
    http://www.exchangeinbox.com/article.aspx?i=38


    IMF Tune - Unleash the Full Intelligent Message Filter Power - http://www.windeveloper.com/imftune/
    • Marked as answer by Elvis Wei Monday, December 22, 2008 7:39 AM
    Monday, December 15, 2008 12:14 PM
  • Thank you so Alex...  this surely helps me alot...
    ra2833
    Monday, December 15, 2008 8:00 PM
  • wanted to ask..

    does my spf record need to be "named" as:

    1. (same as parent folder)
    or
    2. name of my mx record?

    and does the text on the spf record need to be inside " here "?

    thx,



    ra2833
    Monday, December 15, 2008 9:50 PM
  • Hi,

    If you add a record for the parent domain, leave the Record name box blank. If you do not add a record for the parent domain, type the single part name of the domain in the Record name box.

    How to configure Sender of Policy Framework records in the Windows Server 2003 Domain Name System
    http://support.microsoft.com/kb/912716

    Thanks,

    Elvis



     


    Elvis Wei
    • Marked as answer by Elvis Wei Monday, December 22, 2008 7:40 AM
    Tuesday, December 16, 2008 7:07 AM