Assume I have a domain, `foo.com`, that I am configuring the SPF records for.
Assume that I have dozens of mail servers (all running on `*.foo.com`) that I will be sending emails from.
These mail servers will NOT be included in the MX entry of my domain; the MX records are different as we have separate incoming servers.
How do I go about configuring an SPF record to whitelist my email sending servers?
I have looked into the `ptr` flag but it seems to be not recommended because "it adds overhead and exposes the domain to unauthorized third-parties".
Best Answer
You could use the `a` mechanism with a dedicated subdomain, e.g. and then introduce all your mail servers in DNS, e.g.
This allows you to just add a new DNS `A` record every time you add a new mail server, without a need to modify SPF every time, i.e. add a new `ip4` mechanism.
Things get much easier if the mail servers are on the same subnets, i.e. you just add server capacity but don't get new IP addresses from different ISPs. Many mechanisms have a subnet prefix in their syntax, but I'd recommend using `ip4` (and `ip6`) for this, e.g.
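The two approaches this answer describes, shown as an added example that is not part of the original answer: a small evaluator for the `a`, `ip4`, `ip6` and `all` mechanisms, run against constructed data. The host name `outbound.foo.com`, the addresses (documentation ranges), both SPF strings and the function name `check_spf` are assumptions made for illustration.

```python
import ipaddress

# Constructed data: hypothetical host name, documentation address ranges.
ZONE = {"outbound.foo.com": ["192.0.2.10", "192.0.2.11", "198.51.100.7"]}
SPF_VIA_A = "v=spf1 a:outbound.foo.com -all"
SPF_VIA_IP = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8:25::/48 -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip, zone=ZONE):
    """Evaluate the a/ip4/ip6/all subset of SPF; return (result, dns_lookups)."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", 0
    lookups = 0
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # Literal networks are matched locally: no DNS query is spent.
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "a":
            # Each a mechanism costs one of the 10 DNS lookups SPF allows.
            lookups += 1
            if lookups > 10:
                return "permerror", lookups
            hosts = zone.get(arg.lower(), [])
            matched = any(ipaddress.ip_address(h) == ip for h in hosts)
        else:
            raise ValueError(f"mechanism not covered by this example: {name}")
        if matched:
            return QUALIFIERS[qualifier], lookups
    return "neutral", lookups


if __name__ == "__main__":
    # A new server gets an A record only; the SPF string stays unchanged.
    grown = {"outbound.foo.com": ZONE["outbound.foo.com"] + ["203.0.113.5"]}
    print(check_spf(SPF_VIA_A, "203.0.113.5"))         # before the A record
    print(check_spf(SPF_VIA_A, "203.0.113.5", grown))  # after the A record
    print(check_spf(SPF_VIA_IP, "192.0.2.200"))        # inside the /24
    print(check_spf(SPF_VIA_IP, "198.51.100.7"))       # outside both networks
```

The second element of each result is the number of DNS lookups the record consumed, which is where the `a` form and the `ip4`/`ip6` form differ.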