SPF nslookup over the limit
We are trying to get live.edu set up for just using skydrive at the moment. When a person tries to send the link by email, our spf record rejects it (as it should), because MS's server is not in the record. The provided solution is to add outlook.com
as an include.
Including outlook.com causes an additional 6 nslookups (spf-a, spf-b, spf-c, and spf.messaging.microsoft.com which has two includes of it's own). This puts us way over the limit of 10.
I absolutely hate allowing mail servers that I do not control to be able to spoof an email in the name of my users. However, I have been overruled by our faculty who demand to use third party learning managment systems that want to spoof.
Our SPF record is: v=spf1 a mx ip4:208.89.114.217 ip4:74.204.104.163 ip4:67.133.94.238 ip4:208.18.8.238 ip4:208.18.8.164 ip4:208.18.8.180 include:nur.lunarbreeze.com include:volunteer2.com include:careerstep.com include:pearsoncmg.com include:blackboard.com
-all msv1 t=c7cfeb7ac8400245baf1ad8fcxxxx
I have tried to remove several of them and add them by ip4 address, but then I hit the 255 character limit.
If I remove all of the other includes and just put outlook.com, the email passes our spf. Of course, then we have the problem of allowing it to come in anonymously (but I'll figure that out hopefully).
Any ideas?
Thanks,
Terry
April 19th, 2012 12:08am
hi,
If someone send mail to you, and you need check spf record. It means that the sender should create a spf record in public DNS, then you can check the spf record and if the record is right then you will let the mail pass through. Why you say your spf record
reject the mail. You should ask them add a spf record.
hope can help you
thanksCastinLu
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
April 20th, 2012 9:28am
hi,
If someone send mail to you, and you need check spf record. It means that the sender should create a spf record in public DNS, then you can check the spf record and if the record is right then you will let the mail pass through. Why you say your spf record
reject the mail. You should ask them add a spf record.
hope can help you
thanksCastinLu
TechNet Community Support
April 28th, 2012 2:37am
I think the only option here is going to be to change the -all to ~all. That will soft fail rather than hard fail.
Simon. Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
April 28th, 2012 3:48am