SPF record and blackberry

Similar Messages

• Help Creating an SPF record

  Hi, 
  I would need help please in creating an SPF record.
  here's the following informations i can provide
  Our organization host an exchange server 2010 wish uses popcon to retreive the emails of each users from my mail hosting ISP provider
  the purpose of exchange is purely just for mailbox backups, and retrieval of deleted e-mails (Running ESXI5.5 and VEEAM)
  our ISP MX record is :
  mail.cciaz.org.lb (194.126.18.130)
  incomming mail server: webmail.cciaz.org.lb (194.126.18.130)
  users outside the organization uses OWA and/or outlook anywhere for some
  External owa adress: mail2.cciaz.org.lb (92.62.166.249)
  could plz someone point me in the right direction in creating an SPF record
  Original problem is:
  many users when opening their outlook, receives massive (200+) random receipts (undeliverable) from addresses they dont even know or sent to (ea: canada.com, aol.com,
  etc...)
  Thank you

  Hi,
  For your information:
  Configuring DNS, MX, and SPF Records and Settings
  http://technet.microsoft.com/en-us/library/ff714972.aspx
  Description of Sender Policy Framework (SPF) records
  http://support.microsoft.com/kb/2640313
  Here is a similar thread:
  spf records
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/9b5fef7a-1d5f-4b9d-aa9a-2aaa6b2e8e1a/spf-records
  Hope this helps.

• SPF record confusion

  I've read through a number of forum posts here and elsewhere and still find this a confusing thing to setup.  I believe it is partly because of the way terminology is being used.
  We host our own email on Exchange 2010 servers and have a number of email domains.
  domaina.com
  domainb.com
  domainc.com
  domaind.com
  The mx records for all the above domains look like: mail.domaina.com IPADDRESS (same for domain b, domain c, etc).
  We use an external email filtering service.  As a result, our MX records list the filtering service addresses as the highest priority, with our own mail host listed last: mail.ourdomain.com
  We only send mail from our own email servers.  We do not relay any of our email to another server for delivery to the internet.  We do not use the email filtering service for any outbound email.
  I only want to include the three servers of ours that deliver mail to the internet in our SPF record.
  In the past, when I have done a telnet session to test SMTP from another server inside our network to one of the outbound servers, our server might respond with a different hostname in the HELO/EHLO (one of the four different mail.domaina.com, mail.domainb.com,
  mail.domainc.com or mail.domaind.com hostnames).  For the example, I will say that mail.domaina.com is our primary mail domain which also matches the subject name on our SSL certificates.
  Using a number of different SPF record generating tools, I come up with different SPF records and reading the SPF record creation guidelines, I don't find it any more clear.
  Some of the tools even suggest that the email server names be included in the SPF record.  Here is what was suggested, more or less, by the SPF record generating tools:
  "v=spf1 mx a a:hubtransportserver1.domaina.com a:hubtransportserver2.domaina.com a:hubtransportserver3.domaina.com ip4:xxx.xxx.xxx.202/31 ~all"
  I used a CIDR calculator to convert the three public IP addresses used by our outbound email servers to generate the CIDR range.
  With the information above, can anyone offer guidance on what the proper SPF record format is?  The Microsoft SPF tool is still broken - you can't add more than one mx record domain, no matter how you enter them in the box.  It will work if you only
  enter one mx record domain.
  Any help is appreciated!

  it should have the IP addresses or the domain name of all the server which is authorized to receive the email for your domain 
  Example:
  "v=spf1 ip4:192.168.0.1/16 -all"
  example.com. IN TXT "v=spf1 include:example.net -all"
  ; AND
  example1.com. IN SPF "v=spf1 include:example1.net -all"

• SPF Record?

  Does anyone know about this? If so is this separate from the MX record? IS it really needed? Opinions please...

  The SPF record and the MX record are two different things.
  You can get some background concerning SPF records at:
  http://www.openspf.org/Introduction
  It is a good idea to publish a SPF record; however, (in my opinion) I would set the SPF record so that it will SoftFail ("~all").
  Whether to have SpamAssassin evaluate SPF records (by installing the SPF perl module, see the instructions here: http://discussions.apple.com/thread.jspa?messageID=3813471 ) as a method to filter spam is another issue. Pterobyte did a stellar job of evaluating whether or not to do so. You can read his posts concerning this issue here (his conclusion, and I agree, is not to bother):
  http://discussions.apple.com/thread.jspa?messageID=3800656
  This matter is "kind" of like one of those liberal vs. conservative political issues that many folks have an opinion about, but I'll try and give you my experience with this. Back in January I set SpamAssassin to evaluate SPF records for the purpose of filtering for spam. I eventually removed the filtering for the reasons Pterobyte outlined and the reasons below:
  (1) Most Domains SoftFail.
  From what I can tell most domains that I was seeing coming through either had no SPF record or had a record that ended in ~a (SoftFail). Given this fact, SpamAssassin wasn't able to make heads-or-tails of most SPF records for spam filtering purposes.
  As a side note, SPF seemed hard to implement when a company had several mobile users. So, I got the impression that many companies would just set their SPF to softfail for that reason.
  (2) Spammers Can Publish an SPF Record
  A spammer can post an SPF record, so SpamAssassin doesn't give a SPF_Pass much weight.
  (3) The Rare Exception
  The only time I could really see that SPF record evaluation was going to make a solid impact was with domains that had SPF records ending in -a, and the only time that it was going to make a difference was when a spammer was spoofing a domain with a record ending in -a.
  I only did this for a few days mind you ... but I just wasn't seeing any spam that met that condition that wouldn't have been caught anyway.
  I felt like the load on my server's resources was a bit much given the limited impact the checks were having.

• SPF Record (How Do I Add?)

  Has anyone added a SPF record to cut down on spammers sending mail that looks like it came from your domain? What's your experience been since? I would like some assistance on getting this done on my Mac 10.4 Server.
  Thanks in advance!
  Powermac G5 Dual 2.5   Mac OS X (10.4)  

  http://www.openspf.org/ has wizard that builds a SPF
  record based on answers to simply questions about
  your network. You can use it as a starting point.
  Camelot is correct, the best place to get information about SPF is at the openspf.org web site or the newer new.openspf.org site. Make sure you read all the information because publishing SPF records can have an impact on how your users send email. Be especially aware of the impact if you use email forwarding. Email forwarding breaks SPF!
  You should also join the SPF Help mailing list if you have any further questions that are not answered at the SPF web site. I read all the postings to that list and myself and others will be more than happy to answer any further questions you have.
  As for how effective it is - hard to say because no
  one ever lets you know when they block mail due to
  SPF restrictions.
  Actually, if you fail an SPF check you are sent a bounce email that includes a link to the SPF web site explaining why the email bounced. Here is a sample of a link for an email that my server bounced.
  Please see http://www.openspf.org/why.html?sender=ceo%401000planets.com&ip=85.2.114.191&rec eiver=server.pixelpointstudios.lan, header_comment=server.pixelpointstudios.lan: domain of [email protected] does not designate 85.2.114.191 as permitted sender
  However, for the trivial amount of work it is to
  implement it's worth doing. There's an element of
  chicken-and-egg in the whole process - people won't
  start adding SPF records until mail servers start
  checking them, but mail servers won't check them
  until they're being added to the DNS.
  Well, there are two parts to SPF. There is the publishing of SPF records to protect your own domains and there is the checking of SPF records to validate the email that is sent to you.
  By merely publishing SPF records you are already doing quite a bit. On top of the fact that your are protecting your own domains from fraudulent use, you are also helping stem the flow of forged email for those who are evaluating SPF records on the receiving end.
  If you are running Mac OS X Server 10.4.x, the included SpamAssassin install will evaluate SPF records and use the results in its scoring if you install the SPF Perl modules.
  If you want to go further than that you can install the Mail::SPF::Query Perl module and a Postfix policy plug-in and block SPF failures at your MTA.
  Anything you can do to help stem the flow, as well as
  protect your corporate identity has to be a good
  thing.
  Can't argue with you there!

• Must-know BlackBerry Z10 and BlackBerry 10 tips and tricks

  Check out the following must-know BlackBerry Z10 and BlackBerry 10 tips and tricks to get the most out of your new BlackBerry 10 smartphone.
  1) BlackBerry 10's Built-In Screen Shot Feature
  Capturing a screen shot on a BlackBerry 10 device is simple. Just hold both the volume up and volume down keys simultaneously for a couple of seconds until you hear a shutter sound. Screen shots are saved to your BlackBerry 10 camera gallery.
  2) Volume Up/Down Keys as Media Controls
  You can use your BlackBerry 10 device's volume up and volume down keys to skip through songs in your music librery. To enable this feature, open your BlackBerry 10 Settings by dragging down from the top of your display while on your Active Frames screen or a home screen panel. Choose Settings from the dropdown menu and click System Volume. On the following page, slide the Music Shortcuts button to the On position.
  3) Volume Up/Down Keys and the BlackBerry 10 Camera
  You simply tap your BlackBerry Z10's display with the camera or video camera open to snap an image or start recording a video clip. But it's sometimes easier to use the volume keys. Just tap the volume up or volume down keys with the camera open to snap and image. And you can also use these keys to start and stop video capture when your camera's video mode is enabled.
  4) Instantly Launch Voice Control
  The BlackBerry Z10 can initiate lots of different actions based on voice commands thanks to its Voice Control app. And you can instantly launch Voice Control by holding your device's mute key for a couple of seconds.
  5) Launch BlackBerry Camera from Lock Screen
  BlackBerry 10 lets you quickly launch your camera application from its lock screen, a feature that can be valuable when you want to take spur-of-the-moment shots. A camera icon appears in the bottom-right corner of the locked display screen, and you can hold it for a couple of seconds to launch the camera app.
  6) Advanced BlackBerry Hub Inbox Controls
  The BlackBerry Hub is the central inbox for all of you various BlackBerry 10 application notifications and messages. You can access basic Hub controls by clicking the Menu key at the bottom right of your Hub screen. (The Menu key looks like three dots stacked on top of each other.) But you can also access some advanced BlackBerry Hub controls from the date bars that appear in the inbox stream at the start of each new day.
  Just hold a finger on a date bar to bring up controls that let you skip to the start of the past day, the start of the next day, jump to the top of the BlackBerry Hub, jump to the bottom of your BlackBerry Hub or mark all prior messages as read.
  7) Speedy BlackBerry 10 Navigation
  The BlackBerry 10 OS can be broken down into three main components: The BlackBerry Hub; the Active Frames screen; and your application panels. You can do navigation through these components using a basic set of swipes and gestures. But you can also use the tiny slider tray that appears at the bottom of the Active Frames screen and all of your home panels. Just tap a specific panel in the slide to navigate directly to that panel without scrolling. Touch the Active Frames square, which is composed of four smaller squares, to jump directly to your active apps page. Or tap the Hub button, which looks like three horizontal lines on top of each other, to navigate right to the Hub.
  8) See Your Battery Life Status as a Percentage
  The BlackBerry 10 OS does not currently allow you to set your battery-status indicator to show a specific percentage, only a battery icon. But you can check your device's hardware settings for a more specific battery status. Just open your device's Settings by sliding down from the top of your Active Frames or application-panel screen and choose Settings from the dropdown menu. Then click About. On the following screen, change the Category menu from General to Hardware. You'll see a battery percentage listed in the Hardware information.
  9) BlackBerry 10 Boot Status as a Percentage
  Whenever you restart or power up your BlackBerry 10 devices, a BlackBerry logo appears with a status bar that encircles it. The status bar shows you start-up progress, but you can also view that progress as a percentage number. Just hold your finger anywhere on the BlackBerry logo and a progress percentage appears.
  10) BlackBerry Z10 Keyboard Tips, Tricks and Shortcuts
  You can type special characters using the BlackBerry 10 virtual keyboard by holding your finger on top of a letter with associated special characters (e, a, i, o, u, y, etc.), and then sliding your finger over to the character of your choice.
  Quickly sliding your finger downward from the top of your keyboard to its bottom cycles through the number and character screens so you don't have to tap the number/character screens button, which can slow down typing.
  And you can delete an entire word instead of just individual letters by swiping leftward from the backspace key toward the center of your keyboard.
  Click Her to know more

  This could of been posted by JSanders already in his thread!
  Want to contract me? You can follow me on Twitter @RobGambino
  Be sure to click Like! for those who have helped you.
  Click Accept as Solution for posts that have solved your issue(s)!

• Should I use an SPF Record?

  Our site allows people to send a request to various subscribers by email. The emails are sent with the FROM being the requesters email address so that our subscribers can reply to them directly.
  In the last week we have received a lot of bounced emails from accounts that don't exist on our server. I think setting up an SPF record could help in this regard.
  However, given the way our service works, does it make sense to set up an SPF record?
  Any thoughts would be appreciated.
  Thanks.

  Adding an SPF record would help in regards to people using your domain name as the source of spam messages. It wouldn't have any effect on emails you send out under other people's name, though.
  If your server sends out a message from [email protected] your SPF record doesn't come into play at all, but under those circumstances you wouldn't get the bounce message anyway - it would go to [email protected] However, your IP address may get flagged as sending bogus email.
  In any case I'd add a SPF record. It's not hard to do, and it helps insulate your domain from problems. There's no downside to having it unless users in your domain regularly send mail from other mail servers (which they shouldn't be doing anyway).

• Leopard DNS Server: Zones with SPF records?

  Hi all,
  I'm trying to figure out how to setup SPF (Sender Policy Framework) records for some domains I'm currently managing with a Leopard DNS server and I don't see any documentation anywhere. Can someone please tell me if it's even an option? I'm new to running DNS with Leopard, so I could use all the help I can get.
  Sincerely,
  Israel
  Message was edited by: Israel Thompson
  Message was edited by: Israel Thompson

  Israel Thompson wrote:
  So let me see if I have this right. Any changes I want to make that will not be editable in the GUI, I want to do them in db.mydomain.com instead of db.mydomain.com.zone.apple? Easy enough. However I tried adding "v=spf1 a mx ~all" (with quotes) to my file and it appeared to have broken the dns zone. What’s the proper way to enter these in manually? Can you give me an example of how it looks in your zone files? I’ve pasted a sample of mine below. Tell me if anything is wrong.
  Israel,
  I am new to Leopard Server - so I'm no DNS guru. I, too, have not used a DNS setup tool that requires a FQDN just associate an IP with the base of the domain (mydomain.com.). How did you get your 'mydomain.com. IN A 11.22.33.44' accomplished? Did you create a new A record and put mydomain.com. in the Machine Name field?
  Here's my setup:
  ========================
  db.mydomain.com
  ========================
  ;THE FOLLOWING INCLUDE WAS ADDED BY SERVER ADMIN. PLEASE DO NOT REMOVE.
  $INCLUDE /var/named/zones/db.mydomain.com.zone.apple
  ========================
  db.mydomain.com.zone.apple
  ========================
  $TTL 10800
  mydomain.com. IN SOA ns1.mydomain.com. admin.mydomain.com. (
  2008010951 ;Serial
  7200 ;Refresh
  3600 ;Retry
  604800 ;Expire
  345600 ;Negative caching TTL
  mydomain.com. IN NS ns1.mydomain.com.
  mydomain.com. IN NS ns.mydomain.com.
  mydomain.com. IN A 64.251.168.218
  mydomain.com. IN TXT "v=spf1 ip:64.251.168.218 ip:64.251.168.220 ~all"
  www IN A 64.251.168.218
  mail.mydomain.com. IN A 64.251.168.220
  mail.mydomain.com. IN TXT "v=spf1 a ~all"
  xserve.mydomain.com. IN A 64.251.168.218
  xserve.mydomain.com. IN TXT "v=spf1 a ~all"
  ns IN A 64.251.168.218
  ns1 IN A 64.251.168.220
  mydomain.com. IN MX 10 mail.mydomain.com.
  ... where xserve.mydomain.com is my machine's hostname.
  I have a funky setup for DNS because I don't have a different, or second, DNS server (just the one on my Xserve with everything else) and my name servers are under this zone. I added the two IPs for my mail and hostname to the base SPF record. Someone could still spoof from using the name or www domains (same IPs) but I can check for it using Postfix up front. I also added "v=spf1 a ~all" in case another mail server tries to check the mailing server or hostname directly.
  You'll usually want to set a TXT "v=spf1 ~all" (SPF null) for any records that have no possibility for mail origins, like your ftp and mobile, but it appears you also have a similar issue to me - those services will be running under the same IPs as the mail service. This is why I added "v=spf1 a ~all" to all essential services (mail and hostname). I don't know what will happen if you add an SPF null to an unnecessary service that happens to also have the same IP. (Will the IP get blocked in a cache during a lookup??) So I didn't add an SPF TXT to those domains. I'm a little confused at this point. I should probably read more about it.
  http://www.openspf.org/FAQ/Common_mistakes
  Also, you'll notice I added FQDN to mail and xserve. If I do this and ensure they are in my reverse DNS PTR records then I've seen that when I add new zone records with same IPs (like for another domain) then the PTR records don't keep switching to the newest entry (why does it do that?).
  I don't think your use of the . in the CNAME records is correct. I think the CNAME records are probably unnecessary since you have already fully defined the domains in A records. Also, those A records probably don't need FQDNs (with the ending .). I only added mine for the reason noted above, concerning the PTR records.
  I hope someone who knows some more than I can chime in on this.
  Larry
  Message was edited by: Larry_S (removed mx from SPF TXT for main domain record, as it was redundant with the ip:)

• Emails, Call Logs and BlackBerry Messenger messages deleted

  Almost exactly 2 years from the date I got my BlackBerry Curve 8300, my emails, call logs and BlackBerry Messenger messages keeps getting deleted without notice.  The BlackBerry then stalls until I remove the battery and I log on again. Can anyone help me idetify the problem and how I can resolve this?
  Solved!
  Go to Solution.

  HI and Welcome to the Forums!
  Wow -- 2 years without an issue on a computing device! A record! Excellent! Here are some KB's that might be helpful:
  KB14213 Call logs, SMS text messages, and email messages are deleted on the BlackBerry smartphone
  KB14320 How to maximize free space and battery power on the BlackBerry smartphone
  KB15345 How to qualify low memory situations on the BlackBerry smartphone
  http://www.blackberryforums.com/general-blackberry-discussion/116396-managing-your-bb-memory-lost-ca...
  http://www.blackberryforums.com/general-blackberry-discussion/112029-losing-call-logs-sms-emails-opt...
   Hopefully something there will be useful.
  Good luck!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Virtual mail hosts: 255 character limit on SPF records

  This one was a surprise to me, and caused a lot of headache, so I thought I'd pass it along.
  I'm running multiple virtual mail hosts off of my doughty PowerMac single G5 1.8GHz running OS X Server 10.4.11. Some of the outgoing mail was being bounced as spam because a) there wasn't an SPF record on any of the domains and b) the domain of the mailserver didn't always match the domain of the sender. (Most often, it went out under the hostname of the server, cerberus.limbo.jcf.org—which is useless, since that's a LAN address.)
  Trying to be a good citizen (and make sure that all of everyone's mail got through), I added SPF records that explicitly named each and every mailserver on the machine, just so that everything was clear and aboveboard—but they ended up being about 500 characters long.
  Fastforward a week or two... and I was having problems with my DNS zones loading—I'd get errors that they'd timed out. After pulling my hair out for a while, I discovered that TXT records have a limit of 255 characters (including spaces, etc.) Some folks running servers on non-OS X Server machines have split the records over multiple TXT records (does that even work?), but you get exactly one TXT record per OS X Server machine: the Comment box.
  I've now simplified the SPF records so that they read something like this:
  +v=spf1 a mx mx:cerberus.limbo.jcf.org mx:cerberus.jcf.org mx:jcf.org ip:173.164.140.96/30 ip:207.58.140.213/30 include:comcast.businessclass.net include:comcast.com -all+
  To translate:
  • +v=spf1 a mx+ It authorizes deliveries from any IP listed in the DNS zone, and from any mailserver defined in the zone
  • +mx:cerberus.limbo.jcf.org mx:cerberus.jcf.org mx:jcf.org+ It also explicitly authorizes deliveries from the server's main LAN and internet DNS names as well as the domain of the foundation for which I work (and through which emails are occasionally relayed)
  • +ip:173.164.140.96/30 ip:207.58.140.213/30+ Next it authorizes the public static IP blocks for the server and the foundation's remote server
  • +include:comcast.businessclass.net include:comcast.com+ Finally it includes the domain names of the ISP through which most of the mail are relayed
  • -all The last item says that if the mail didn't originate from one of those addresses, it isn't ours.
  (I think that I've got that right. If I've botched it anywhere, let me know, okay?)
  That's 169 characters. The DNS zones loaded happily, and the mail seems to be going out without getting bounced. So far so good!
  (There's probably a way to get the hostname on each email to match the domain from which it is being addressed, but I haven't gotten there yet.)
  Message was edited by: David Kudler

  Most often, it went out under the hostname of the server, cerberus.limbo.jcf.org—which is useless, since that's a LAN address.
  You can control this via the myhostname setting in Postfix. This defines the name it uses to identify itself to remote mail servers, which sounds like it'll address a lot of your issues.
  I added SPF records that explicitly named each and every mailserver on the machine, just so that everything was clear and aboveboard—but they ended up being about 500 characters long.
  OK, this doesn't make sense. You don't need to list every virtual hostname for every domain.
  All you need to do is add this specific mail server's address in each domain.
  There's no requirement that the hostname of the mail server matches the domain name, so it's entirely valid to create an SPF record in domain1.com that lists mailserver.someotherdomain.com as authoritative. Then, as long as postfix's myhostname says it's mailserver.someotherdomain.com and your reverse DNS resolves to that address your problem is solved.
  ...but you get exactly one TXT record per OS X Server machine: the Comment box.
  Unless you edit your zone file directly and add whatever other records you like. However, given the above, I don't think the 255-character limit should be an issue.
  Even if you didn't want to mess with your zone files directly there's still a way around that - SPF allows for an 'include' record which basically tells remote servers to include the record from some other domain, so for each domain you could just tell it to include some other domain's record (which, in turn, could include another domain) allowing virtually unlimited record length (or, at least, 255 characters per domain you manage).
  SPF Includes are covered here.
  • include:comcast.businessclass.net include:comcast.com Finally it includes the domain names of the ISP through which most of the mail are relayed
  Bzzzz. You've now allowed any other customer of comcastbusiness.net and comcast.com to send mail on your behalf. You probably don't want to do that. When you consider that 'comcast.com' includes every one of their residential customers you can see that you really don't want to do that.

• Creating SPF records

  Having run a few tests on our Server, on of the errors that has come up is that we don't have any SPF records.
  Doing a search sends me to the following site, but it always comes up with the error - System Maintenance in progress. Please try again later.
  microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
  Having looked at some other sites, I come up with different answers.
  Here is my example, our website is hosted by another company, but we run our own mail server.  I have used the following examples
  domain - mydomain.com
  mail server ip - 1.2.3.4
  One wizard come up with the following to add to my DNS
  mydomain.com.  IN TXT "v=spf1 ip4:1.2.3.4"
  Another wizard comes up with the following
  "v=spf1 ip4:1.2.3.4 ?all"
  Another wizard comes up with the following
  "v=spf1 ip4:1.2.3.4 -all"
  Any advice appreciated.
  Trevor

  Hi
  No ones mentioned this that I;ve seen. But the SPF settings get applied to the domain at Nameserver level, so not on the local server, but wherever is configured that
  www.mydomain.com - goes to 10.20.30.40 and remote.mydomain.com goes to 1.2.3.4 and mail.mydomain.com go to 1.2.3.4 etc
  On the name server you set up a new TXT for .mydomain.com
  the values need to have
  v=spf1 - to show this is the SPF settings
  I would then add the IP's and Domains of any PC authorised to send emails on your behalf
  i.e. +ip4:1.2.3.4 +a:mail.mydomain.com +a:remote.mydomain.com - This covers your server doing email directly from it... some SPF servers I've found look for the a record and not IP when tracing back (usually pain ones, so never hurts to add as resolves
  to same place)
  If your website hosted elsewhere has an email form on it you'll need to authorise your webserver to send on your behalf as it will most likely send from a @mydomain.com email address (your own server could class it as spam if not included)
  so +ip4:x.x.x.x(webserver IP) +a:www.mydomain.com
  As for the all bit
  -all is best - means no one else can pretend to be you. I;ve not used ?all, but due to the experience I'm about to explain it could be useful (saves having to use ~all which makes spf pointless)
  If you use -all SPF checkers will only allow emails to come from authorised senders. This leads to a problem with people they email without things set up right... had a few problems. A clients customer, had a spam checker that was offsite, that forwards
  the email on to the server. so email goes from SenderA to SpamCheckerB. SpamCheckerB scans the email and then forwards on to mailserverC
  MailserverC is also set up to check for spam including SPF..... problems is the email has been 'officially' sent from SpamcheckerB and not SenderA.... thus gets rejected by SPF
  If senderA doesn;t use SPF it all goes through fine, or if SPF set to ~all goes through fine
  Obviously this is a bad set up at the customers end, but if your client or yourself can not send to certain customers (no matter how misconfigured they are, and it being their fault) has a knock on to the business
  So please be aware of that if you use -all which is obviously best. Not sure what ?all would do in this case...
  so my setting for your SPF would be
  v=spf1 +ip4:1.2.3.4 +a:mail.mydomain.com +a:remote.mydomain.com +ip4:x.x.x.x(webserver IP) +a:www.mydomain.com -all
  Hope this helps and gives you some trouble shooting ideas in advance

• After adding SPF records for Hybrid Development some external mails bounced back with error SPF Unauthorized mail is prohibited.

  Added v=spf1 include:spf.protection.outlook.com -all and the txt token for the Exchange 2013 hybrid configuration, now some mails bounced back with the error "SPF Unauthorized mail is prohibited". What could be the cause? Should I customized
  the SPF record but it is not mentioned in the procedures for Hybrid configuration to do that. 

  Hi,
  Would you like to mark Ed's reply as an answer so that others can find the solution easily.
  Have a nice day : )
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• How do I set an SPF record?

  I'm quite unfamiliar with SPF records, but I'm using FreshBooks to invoice my clients. However, my invoices seem to be going to many people's junk and spam folders. Freshbooks is suggesting to set an SPF record to avoid this. Can this be done with icloud emails, or is this specifically for a privately owned domain email?

  If you have set up your Domain A-record on the registra to point web traffic to BC you do not set up another A-record in BC.

• DNS spf record for Microsoft

  The spf record for Microsoft has a “ ~ALL “.  What does this do and how do we make use of the same for our domain names?
  NSLOOKUP Output for Microsoft.com:
  > server 4.2.2.1
  Default Server:  vnsc-pri.sys.gtei.net
  Address:  4.2.2.1
  > set type=ANY
  > microsoft.com
  Server:  vnsc-pri.sys.gtei.net
  Address:  4.2.2.1
  Non-authoritative answer:
  microsoft.com   text =
          "v=spf1 mx include:_spf-a.microsoft.com include:_spf-b.microsoft.com inc
  lude:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com ~all"
  microsoft.com
          primary name server = dns.cp.msft.net
          responsible mail addr = msnhst.microsoft.com
          serial  = 2007053102
          refresh = 300 (5 mins)
          retry   = 600 (10 mins)
          expire  = 2419200 (28 days)
          default TTL = 3600 (1 hour)
  microsoft.com   MX preference = 10, mail exchanger = maila.microsoft.com
  microsoft.com   MX preference = 10, mail exchanger = mailb.microsoft.com
  microsoft.com   MX preference = 10, mail exchanger = mailc.microsoft.com
  microsoft.com   internet address = 207.46.232.182
  microsoft.com   internet address = 207.46.197.32
  microsoft.com   nameserver = ns4.msft.net
  microsoft.com   nameserver = ns5.msft.net
  microsoft.com   nameserver = ns1.msft.net
  microsoft.com   nameserver = ns2.msft.net
  microsoft.com   nameserver = ns3.msft.net
  ==
  Thanks,

  Mechanisms are prefixed with qualifiers:
  "+" Pass
  "-" Fail
  "~" SoftFail
  "?" Neutral
  Mechanisms are evaluated in order and when no matche, the default will be "Neutral".
  If there is no SPF for a domain, the result is "None". If a domain has a temp error during DNS processing, you get the result "TempError" (called "error" in earlier drafts). If some kind of syntax or evaluation error occurs (eg. the domain specifies an unrecognized
  mechanism) the result is "PermError" (formerly "unknown").
  Evaluation of an SPF record can return any of these results:
  Pass -The SPF record designates the host to be allowed to send accept
  Fail -The SPF record has designated the host as NOT being allowed to send reject
  SoftFail - The SPF record has designated the host as NOT being allowed to send but is in transition accept but mark
  Neutral - The SPF record specifies explicitly that nothing can be said about validity accept
  None - The domain does not have an SPF record or the SPF record does not evaluate to a result accept
  PermError - A permanent error has occured (eg. badly formatted SPF record) unspecified
  TempError - A transient error has occured accept or reject
  Marcus @ www.wormy.com

• Spam filter stripping SPF record

  Hello, we are using exchange online protection for spam filtering before anything gets to the on premise sonicwall spam filter. When messages do get through, the sonicwalll is marking some of them as SPF failure so they are being blocked. We never had this
  issue before on legit messages.
  Is there something in EOP that strips SPF records?
  Thanks,

  Hi,
  I think the mechanisms of Anti-Spam of EOP and SPF are different:
  SPF record is a text (TXT) record that helps prevent spoofing and phishing by verifying the domain name.
  Anti-spam feature in EOP uses Content Filtering policy. For more referernce:
  Anti-Spam Protection FAQ
  https://technet.microsoft.com/en-us/library/jj937231(v=exchg.150).aspx
  EOP features
  https://technet.microsoft.com/en-us/library/dn762130(v=exchg.150).aspx
  Thanks,
  Simon Wu
  TechNet Community Support