As usual, you knock this right out of the park and make it easy enough for everyone to do.

I am surprised you have not started writing a book yet, you do an immense amount of writing for free.

Who knew it was that easy. That wizard blows, it takes you through 8,000 options and doesn’t even tell you what to do with it once you’re done.

Thanks Vlad.

Man, you make this seem so easy. Why can’t Microsoft put together stuff like this or a webcast or something.

To the softies that I know are reading Vlad’s blog:

Why is it that this guy can take a level 300 webcast and turn it into a level 100 n00b paper? Seriously, I cannot follow 300′s or even 200′s, but I still think this should be something my Exchange server needs. Why exclude us just because we don’t know the every in and out of Microsoft software?

Very good article, I appreciate the great examples and screenshots.

Just as a point of clarification – if I do -all the remote server will fail to accept all messages that do not come from my IP range?

Jack

Does it matter that in SBS that the forward lookup zone is domain.local rather than domain.com as in your example?

Amy,

That’s not really how SPF/SenderID works, I thought I made that clear in the article but here is one more pass: SPF/SenderID only provide authenticity for public hosts relaying your domain mail to other servers. You do not define SPF on non-routable private domains (such as .local, .vlad) but only on public stuff that remote mail servers will be getting – .com, .net, .org and such. You would be putting your TXT entries in your public domain zones so that remote mail servers that implement SPF/SenderID can run a dns lookup and find the SPF record and eventually evaluate whether the mail server that is sending email as harborcomputerservices.net is actually authorized to do so by the harborcomputerservices.net domain owner.

-Vlad

Hey, I wanted to thank you for all of the great work you have done with posting these articles and podcasts.

Following on Amy’s comment my SBS server has only my .local domain in the forward lookup zone of my DNS. The DNS for my .com domain is controlled by my hosting provider. To add spf info to my .com domain I emailed my host provider with a change request to add a TXT record with the SPF info from the wizard. Since the job is not done till you test it, I found that there are a couple of places to verify that the info in the TXT record is correct. Microsoft’s wizard will tell you if you have a TXT record with SPF info. The spf test that Microsoft recommends is by sending an email to auth-results@verifier.port25.com. You will get an automatic reply with the spf results.

Bill,

Thanks for the tip. You can also go to http://www.dnsstuff.com and check it there through their SPF checker.

One thing I always suggest is not to go with -all outright or at the very least set the TTL on the zone to something really, really, really low. That way (in the first scenario) if you make a mistake at least remote mail servers will not drop your mail outright and in the second secenario you can make a change without being forced to live with the cached copy on remote dns servers for 3 days or longer.