I want to configure SPF on a domain to allow mail to be sent from:
- the x.com website server (x.com and www.x.com – both at same IP)
- its MX servers (smtp.x.com, mx.x.com, mail.x.com)
- another server that isn't listed as an MX server (somehost.x.com)
- via gmail using an account that has authenticated use of firstname.lastname@example.org
Will this zone file work? If not, what are the problems with it?
$ttl 38400 @ IN SOA ns1.x.com. hostmaster.x.com. ( 201003092 ; serial 8H ; refresh 15M ; retry 1W ; expire 1H ) ; minimum @ NS ns1.x.com. @ NS ns2.x.com. @ MX 10 mx.x.com. @ MX 20 smtp.x.com. @ MX 30 mailhost.x.com. ; SPF records @ IN TXT "v=spf1 a mx a:somehost.x.com include:_spf.google.com ~all" mx IN TXT "v=spf1 a -all" smtp IN TXT "v=spf1 a -all" mailhost IN TXT "v=spf1 a -all"
- Is _spf.google.com the right thing to include for gmail.com, or is it only for Google Hosted Apps? If only for Google Apps, what should I include to send from gmail.com?
- If mail shouldn't be sent from anywhere else, is it safe to use -all instead of ~all?
- Does it make sense to add specific SPF records for each of the mail servers?
- Any other problems with the zone file?
I want to confirm these things before making changes to my zone file. The file has SPF configured basically the same now, just without google.com and somehost, but I want to make sure I won't break things when I change it.