Questions about SPF and PTR records

    Question

  • Hello,

    I would like to get some advice on setting up the SPF record for Exchange on-premises 2013 that has Google Message Security (Postini) as its front-end spam filtering service.

    Domain: mail.domain.com

    External IP for mail server: 37.X.X.62

    Default Gateway: 37.X.X.61 (Outbound Email) - The external recipients receive the emails from mail.domain.com (37.X.X.61).

    PTR Record:

    The PTR record is currently set up for the default gateway IP 37.X.X.61. I would also like to add the PTR record for my mail server IP. Is it recommended to have a PTR record published for the mail server IP as well? Technically, 2 IP addresses will be pointing to one PTR record mail.domain.com.

    Thanks!

    Tuesday, April 5, 2016 6:53 PM

All replies

  • The default gateway and the outbound IP address aren't necessarily the same address.  In fact, it doesn't make much sense to me.  Your default gateway would normally be an internal address that points to your network switch.  You should be able to tell from the message headers of a message you send what the IP address is externally.

    If you own your IP subnet, you can create your own PTR record.  However, I'd suggest that it's more likely that your PTR record has to be created by your ISP since they probably own the subnet.  Here's more information.

    https://mxtoolbox.com/problem/smtp/smtp-reverse-dns-resolution

    The SPF record is completely independent of the PTR; it's a TXT record that you control through your Internet DNS provider that associates the IP addresses and/or hostnames with your e-mail domain(s) telling the world that they should trust mail from those IP addresses and/or hostnames.  This link is the best reference I've seen for creating an SPF record.

    http://www.openspf.org/SPF_Record_Syntax


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Tuesday, April 5, 2016 8:10 PM
    Moderator
  • Hi,

    Agree with Ed. Just make a simple supplement about SPF and PTR records.

    PTR record resolves the IP address to a domain/hostname. You can think of the PTR record as an opposite of the A record.

    https://kb.intermedia.net/article/1317

    SPF is a method of fighting spam. It specifies a list of authorized host names/IP addresses that mail can originate from for a given domain name.

    Also have a look at the following links to get more information about SPF:

    https://mediatemple.net/community/products/dv/204404314/how-can-i-create-an-spf-record-for-my-domain

    Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards,

    David 


    Wednesday, April 6, 2016 2:06 AM
    Moderator
  • A PTR record may be like the opposite of an A record, but the key is that the ISP usually owns the subnet so the ISP has to create the PTR record, unlike the A record, whose domain is owned by the customer.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, April 6, 2016 6:22 AM
    Moderator
  • Thanks for the reply, Ed. I should not have mentioned it as default gateway and that was a typo while doing the copy & paste, it should have been the public IP of the router and that is more evident from the IP address 37.X.X.61 I specified.

    I am aware that PTR record has to be created by my ISP and I know how the PTR and SPF records work, that was not my question actually. My question - Is it recommended to have multiple PTR records with the same hostname?

    1st PTR record: mail.domain.com (37.X.X.61) - already created by ISP. (37.X.X.61) is the public IP of my router.

    2nd PTR record: mail.domain.com (37.X.X.62). 37.X.X.62 is the external IP of the mail server. 

    In a nutshell, there will be one A record that will be pointing to my mail server and two reverse DNS (PTR) records. 


    Wednesday, April 6, 2016 1:32 PM
  • Thanks for the reply, Ed. I should not have mentioned it as default gateway and that was a typo while doing the copy & paste, it should have been the public IP of the router and that is more evident from the IP address 37.X.X.61 I specified.

    That's what I assumed.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, April 6, 2016 6:18 PM
    Moderator
  • My question - Is it recommended to have multiple PTR records with the same hostname?

    1st PTR record: mail.domain.com (37.X.X.61) - already created by ISP. (37.X.X.61) is the public IP of my router.

    2nd PTR record: mail.domain.com (37.X.X.62). 37.X.X.62 is the external IP of the mail server. 

    In a nutshell, there will be one A record that will be pointing to my mail server and two reverse DNS (PTR) records. 


    What matters is what address is used for SMTP mail going out.  If it all goes via the "router", which I assume to mean a "mail gateway", then that's the only one that requires a PTR.  If your outbound SMTP goes via multiple IP addresses, then you should have a PTR for each of them.  However, I would think that in such cases you want to give each of them a different name so you can create separate MX records for them inbound, assuming you're using the same IP address both outbound and inbound.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, April 6, 2016 6:22 PM
    Moderator
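
The layout discussed in this thread (one A record, two PTR records with the same hostname, an SPF TXT record) can be checked per outbound address, as in this added example that is not part of any post above. The zone data is constructed: 203.0.113.61, 203.0.113.62 and example.com are placeholders for the thread's redacted addresses and domain, and the SPF evaluator covers only the ip4, a, mx and all mechanisms.

```python
import ipaddress

# Constructed zone data (not from the thread): documentation addresses stand in
# for the router/gateway IP (.61) and the mail server IP (.62).
PTR = {"203.0.113.61": "mail.example.com", "203.0.113.62": "mail.example.com"}
A = {"mail.example.com": ["203.0.113.62"]}
MX = {"example.com": ["mail.example.com"]}
TXT = {"example.com": "v=spf1 ip4:203.0.113.62 mx -all"}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def fcrdns(ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, [])

def spf_result(ip, domain):
    """Evaluate a subset of SPF (ip4, a, mx, all) for one sending address."""
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in A.get(arg or domain, [])
        elif mech == "mx":
            hosts = MX.get(arg or domain, [])
            hit = any(ip in A.get(h, []) for h in hosts)
        else:
            continue  # mechanisms and modifiers outside this subset are skipped
        if hit:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched

def audit(outbound_ips, domain):
    """Report FCrDNS and SPF status for every address that sends SMTP."""
    return {ip: (fcrdns(ip), spf_result(ip, domain)) for ip in outbound_ips}

if __name__ == "__main__":
    for ip, status in audit(["203.0.113.61", "203.0.113.62"], "example.com").items():
        print(ip, status)
```

With this sample data the .61 address has a PTR but fails forward confirmation, because the single A record names only .62, and it is also rejected by the SPF record until it is listed there.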