Greetings!

I found that our SPF spam filter wasn't working as well as it used to.
After some research I learned that it depends on our DNS server. I
have new primary and secondary DNS services running on our domain and
they are configured to be internal DNS. The forward lookup zone is
ASA.local. I added the SPF record back in but that didn't work at
all... could this perhaps be because the zone isn't our domain name?

I ask because after resurrecting the old DNS server, for the experience
non-the-less, I found that the DNS used the forward lookup zone
AppSci.com which is our domain name. In addition to the SPF record it
also including references to MX records for a mail server and other
records for our various external web sites. Should our new DNS have
these kinds of records as well? How could I keep the ASA.local and add
this AppSci.com zone or do I even need to?

I ask this because of how all of this landed in my lap. When our
previous PDC died our original tech setup a new domain (ASA.local)
using SBS 2003 with Exchange 2003 and then got pissed off and left.
Being the most experienced I was pulled off of my programming duties to
become the new IT guy. I migrated everyone and every computer to the
new domain, established secondary DNS and WINS services to lighten the
load on the PDC, and locked down the network more tightly but our
external web sites were still not working. Our IT Director, who can't
even open a PC, blamed DNSWhiz for our web sites being unreachable and
moved everything to Network Solutions where he then added records for
all of our external servers so everything worked again. Yeah! So, for
the most part, I am left with this one SPF spam issue.

Any suggestions?

Thanks!
Matthew Hanna

Since you moved the domain, I think you need to set up SPF again, and it
probably needs to be in the Network Solutions domain if that is the domain
being used for email.

This link should you figure out what needs to be in the domain, but I
think you'll have to contact Network Solutions to have the TXT record added.

http://www.openspf.org/wizard.html

--
Greg Lindsay [MSFT]

Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

"irtheman" <irtheman@gmail.com> wrote in message
news:1162921449.002623.133550@m73g2000cwd.googlegr oups.com...
> Greetings!
>
> I found that our SPF spam filter wasn't working as well as it used to.
> After some research I learned that it depends on our DNS server. I
> have new primary and secondary DNS services running on our domain and
> they are configured to be internal DNS. The forward lookup zone is
> ASA.local. I added the SPF record back in but that didn't work at
> all... could this perhaps be because the zone isn't our domain name?
>
> I ask because after resurrecting the old DNS server, for the experience
> non-the-less, I found that the DNS used the forward lookup zone
> AppSci.com which is our domain name. In addition to the SPF record it
> also including references to MX records for a mail server and other
> records for our various external web sites. Should our new DNS have
> these kinds of records as well? How could I keep the ASA.local and add
> this AppSci.com zone or do I even need to?
>
> I ask this because of how all of this landed in my lap. When our
> previous PDC died our original tech setup a new domain (ASA.local)
> using SBS 2003 with Exchange 2003 and then got pissed off and left.
> Being the most experienced I was pulled off of my programming duties to
> become the new IT guy. I migrated everyone and every computer to the
> new domain, established secondary DNS and WINS services to lighten the
> load on the PDC, and locked down the network more tightly but our
> external web sites were still not working. Our IT Director, who can't
> even open a PC, blamed DNSWhiz for our web sites being unreachable and
> moved everything to Network Solutions where he then added records for
> all of our external servers so everything worked again. Yeah! So, for
> the most part, I am left with this one SPF spam issue.
>
> Any suggestions?
>
> Thanks!
> Matthew Hanna
>

Here is another wizard that you can also use:
http://www.microsoft.com/mscorp/safe...nderid/wizard/

--
Greg Lindsay [MSFT]

Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

"Greg Lindsay [MSFT]" <greglin@microsoft.com> wrote in message
news:emZyJtrAHHA.3560@TK2MSFTNGP04.phx.gbl...
> Since you moved the domain, I think you need to set up SPF again, and it
> probably needs to be in the Network Solutions domain if that is the domain
> being used for email.
>
> This link should you figure out what needs to be in the domain, but I
> think you'll have to contact Network Solutions to have the TXT record
> added.
>
> http://www.openspf.org/wizard.html
>
> --
> Greg Lindsay [MSFT]
>
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
>
> "irtheman" <irtheman@gmail.com> wrote in message
> news:1162921449.002623.133550@m73g2000cwd.googlegr oups.com...
>> Greetings!
>>
>> I found that our SPF spam filter wasn't working as well as it used to.
>> After some research I learned that it depends on our DNS server. I
>> have new primary and secondary DNS services running on our domain and
>> they are configured to be internal DNS. The forward lookup zone is
>> ASA.local. I added the SPF record back in but that didn't work at
>> all... could this perhaps be because the zone isn't our domain name?
>>
>> I ask because after resurrecting the old DNS server, for the experience
>> non-the-less, I found that the DNS used the forward lookup zone
>> AppSci.com which is our domain name. In addition to the SPF record it
>> also including references to MX records for a mail server and other
>> records for our various external web sites. Should our new DNS have
>> these kinds of records as well? How could I keep the ASA.local and add
>> this AppSci.com zone or do I even need to?
>>
>> I ask this because of how all of this landed in my lap. When our
>> previous PDC died our original tech setup a new domain (ASA.local)
>> using SBS 2003 with Exchange 2003 and then got pissed off and left.
>> Being the most experienced I was pulled off of my programming duties to
>> become the new IT guy. I migrated everyone and every computer to the
>> new domain, established secondary DNS and WINS services to lighten the
>> load on the PDC, and locked down the network more tightly but our
>> external web sites were still not working. Our IT Director, who can't
>> even open a PC, blamed DNSWhiz for our web sites being unreachable and
>> moved everything to Network Solutions where he then added records for
>> all of our external servers so everything worked again. Yeah! So, for
>> the most part, I am left with this one SPF spam issue.
>>
>> Any suggestions?
>>
>> Thanks!
>> Matthew Hanna
>>
>
>

Hmmm... Looks like Network solutions won't add TXT records.
http://customersupport.networksoluti...cle.php?id=369
I guess I should turn off the SPF filter in our spam filter.

Greg Lindsay [MSFT] wrote:
> Since you moved the domain, I think you need to set up SPF again, and it
> probably needs to be in the Network Solutions domain if that is the domain
> being used for email.
>
> This link should you figure out what needs to be in the domain, but I
> think you'll have to contact Network Solutions to have the TXT record added.
>
> http://www.openspf.org/wizard.html
>
> --
> Greg Lindsay [MSFT]
>
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
>
> "irtheman" <irtheman@gmail.com> wrote in message
> news:1162921449.002623.133550@m73g2000cwd.googlegr oups.com...
> > Greetings!
> >
> > I found that our SPF spam filter wasn't working as well as it used to.
> > After some research I learned that it depends on our DNS server. I
> > have new primary and secondary DNS services running on our domain and
> > they are configured to be internal DNS. The forward lookup zone is
> > ASA.local. I added the SPF record back in but that didn't work at
> > all... could this perhaps be because the zone isn't our domain name?
> >
> > I ask because after resurrecting the old DNS server, for the experience
> > non-the-less, I found that the DNS used the forward lookup zone
> > AppSci.com which is our domain name. In addition to the SPF record it
> > also including references to MX records for a mail server and other
> > records for our various external web sites. Should our new DNS have
> > these kinds of records as well? How could I keep the ASA.local and add
> > this AppSci.com zone or do I even need to?
> >
> > I ask this because of how all of this landed in my lap. When our
> > previous PDC died our original tech setup a new domain (ASA.local)
> > using SBS 2003 with Exchange 2003 and then got pissed off and left.
> > Being the most experienced I was pulled off of my programming duties to
> > become the new IT guy. I migrated everyone and every computer to the
> > new domain, established secondary DNS and WINS services to lighten the
> > load on the PDC, and locked down the network more tightly but our
> > external web sites were still not working. Our IT Director, who can't
> > even open a PC, blamed DNSWhiz for our web sites being unreachable and
> > moved everything to Network Solutions where he then added records for
> > all of our external servers so everything worked again. Yeah! So, for
> > the most part, I am left with this one SPF spam issue.
> >
> > Any suggestions?
> >
> > Thanks!
> > Matthew Hanna
> >

In news:1162940337.432919.136000@k70g2000cwa.googlegr oups.com,
irtheman <irtheman@gmail.com> stated, which I commented on below:
> Hmmm... Looks like Network solutions won't add TXT records.
> http://customersupport.networksoluti...cle.php?id=369
> I guess I should turn off the SPF filter in our spam filter.

Unfortunate that Network Solutions does not allow this. I found that out a
couple years ago when I first implemented SPF. Many other registrars hosting
DNS do not allow this as well. I think one of them do, but at this point, I
just can't remember the name of the registrar. If you can find a DNS
provider that will do it for you, it may be an easy way out of it.

--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

Ace Fekay [MVP] wrote:
> In news:1162940337.432919.136000@k70g2000cwa.googlegr oups.com,
> irtheman <irtheman@gmail.com> stated, which I commented on below:
> > Hmmm... Looks like Network solutions won't add TXT records.
> > http://customersupport.networksoluti...cle.php?id=369
> > I guess I should turn off the SPF filter in our spam filter.
>
> Unfortunate that Network Solutions does not allow this. I found that out a
> couple years ago when I first implemented SPF. Many other registrars hosting
> DNS do not allow this as well. I think one of them do, but at this point, I
> just can't remember the name of the registrar. If you can find a DNS
> provider that will do it for you, it may be an easy way out of it.
>
> --
> Ace
> Innovative IT Concepts, Inc (IITCI)
> Willow Grove, PA
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> to easily find, track threads, cross-post, sort by date, poster's name,
> watched threads or subject.
> It's easy:
>
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only constant in life is change...

In my very limited readings I am guessing that I can create a new Zone
with our domain name, AppSci.com. I can put the MX and TXT records
there for SPF. I would also have to specify all of the other
externally available servers hosted by AppSci.com there as well. I
might not have the right idea and I am sure I only understand enough to
hurt myself however so I am not going to try it. :-)

I installed GFI which the sales people claimed somehow takes care of
the SPF problem once it is setup. I am not questioning it and will
continue to live in ignorant bliss. :-)__ So far it looks great and
is working wonders for the company.

Thanks for the !
Matthew Hanna

In news:1163020777.375835.187860@e3g2000cwe.googlegro ups.com,
irtheman <irtheman@gmail.com> stated, which I commented on below:

> In my very limited readings I am guessing that I can create a new Zone
> with our domain name, AppSci.com. I can put the MX and TXT records
> there for SPF. I would also have to specify all of the other
> externally available servers hosted by AppSci.com there as well. I
> might not have the right idea and I am sure I only understand enough
> to hurt myself however so I am not going to try it. :-)
>
> I installed GFI which the sales people claimed somehow takes care of
> the SPF problem once it is setup. I am not questioning it and will
> continue to live in ignorant bliss. :-)__ So far it looks great and
> is working wonders for the company.
>
> Thanks for the !
> Matthew Hanna

Creating an SPF TXT record, or any other record, on the internal private DNS
will not outside email servers to see if you have an SPF. An SPF is
designed for you to send mail to other domains and if their domain's mail
server is configured to check for an SPF records, it will query the public
DNS.

But either way, if you are comfortable with how you have it setup, that's
cool too!

Ace

If Network Solutions will allow it, try hosting a primary server for the
external domain, and set up the Network Solutions servers to slave the zone.
Keep the Network Solution servers appearing a primary - this is sometimes
referred to as a "hidden" primary. Then, you can add the TXT record and
hopefully Network Solutions will just pick it up.

--
Greg Lindsay [MSFT]

Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

"Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message
news:%2373NMy5AHHA.4428@TK2MSFTNGP04.phx.gbl...
> In news:1163020777.375835.187860@e3g2000cwe.googlegro ups.com,
> irtheman <irtheman@gmail.com> stated, which I commented on below:
>
>> In my very limited readings I am guessing that I can create a new Zone
>> with our domain name, AppSci.com. I can put the MX and TXT records
>> there for SPF. I would also have to specify all of the other
>> externally available servers hosted by AppSci.com there as well. I
>> might not have the right idea and I am sure I only understand enough
>> to hurt myself however so I am not going to try it. :-)
>>
>> I installed GFI which the sales people claimed somehow takes care of
>> the SPF problem once it is setup. I am not questioning it and will
>> continue to live in ignorant bliss. :-)__ So far it looks great and
>> is working wonders for the company.
>>
>> Thanks for the !
>> Matthew Hanna
>
> Creating an SPF TXT record, or any other record, on the internal private
> DNS will not outside email servers to see if you have an SPF. An SPF
> is designed for you to send mail to other domains and if their domain's
> mail server is configured to check for an SPF records, it will query the
> public DNS.
>
> But either way, if you are comfortable with how you have it setup, that's
> cool too!
>
> Ace
>
>
>
>