How to include domain mail server along with Google mail server in SPF record

email-server g-suite spf

I've recently switched to Google Apps and this thread

http://www.google.com/support/a/bin/answer.py?answer=178723

suggests updating the SPF record like:

'v=spf1 include:_spf.google.com ~all' . (1)

Since I'm running cron jobs on my domain server which also sends email, I want to include my domain mail server as a legitimate origin. So how can I add Google mail server and my domain mail server together in SPF?

Some threads also mention that for Google Apps the record should be:

'v=spf1 include:aspmx.googlemail.com ~all ' . (2)

There is a minor difference between (1) and (2). Which one is correct/preferred?

My current SPF: "v=spf1 a mx ptr include:domain.com ?all"

Please help. Thanks.

Update:
My host is bluehost.com. Would something like this be a legitimate SPF record:

"v=spf1 a mx ptr include:bluehost.com include:_spf.google.com ~all"

Please tell me whether ~all or ?all is required. What's the meaning of this?

Best Answer

N.B. I'll assume you don't actually have anything to do with the domain "domain.com", which is a real place. Please use example.com when not providing actual details.

I'll answer the last part first. There is some difference between ~all and ?all but both mean pretty much the same thing from the context of someone who is receiving your mail. Basically you are saying "I don't know exactly where my mail originates from; it's up to you to guess at what to do." Please consider "-all" instead. This communicates "My mail only comes from the hosts listed in this record; anything else is junk." That warning in the Google answer is because, as you might guess, if you mis-configure your spf record by leaving out some legitimate sending hosts some people may drop your mail. Unless you run a mailing list server, -all is probably the right thing to do if you are going to publish an spf record. Publishing ~all or ?all is not more helpful than simply not having an spf record. See the top of: http://www.openspf.org/SPF_Record_Syntax

Answering the first part exactly is a little tough, since you haven't stated details about your current sending server. The Google advice is good, so you will definitely want to have 'v=spf1 include:_spf.google.com' if you are using them. If you have any more hosts, just append them to that example in the space delimited format. You'll need to figure out what your current sending IP addresses are and add them with the ip4:nnn.nnn.nnn.nnn syntax. It would look similar to this:

v=spf1 include:_spf.google.com ip4:192.168.0.1 ip4:192.168.0.2 -all

You probably don't need the extra "a", "mx", "ptr" and other keywords in the record; the included bluehost.com already covers that. Something like this may be what you want if you're sending from Google and Bluehost:

v=spf1 include:bluehost.com include:_spf.google.com -all

If you are not sure of what your sending IP addresses are just don't publish an SPF record.
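The following is an added example, not part of the original question or answer: a small evaluator for the ip4/include/all subset of SPF (RFC 7208) that shows what a receiver computes for a listed and an unlisted sender under `-all`, `~all` and `?all`. The lookup table is constructed; the include targets named in the thread are given RFC 5737 documentation ranges as placeholders, not the providers' real sending ranges, and `example.com` stands in for the asker's domain.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups. The ranges are RFC 5737
# documentation addresses, NOT the real ranges of these providers.
INCLUDED = {
    "bluehost.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_spf.google.com": "v=spf1 ip4:198.51.100.0/24 ~all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, txt, depth=0):
    """Evaluate the ip4/include/all subset of SPF for one sender IP."""
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the included record returns pass;
            # the included record's own -all/~all never becomes the outer result.
            inner = check_host(ip, arg, txt, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return RESULT[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


def verdicts(ip):
    """SPF result for one sender IP under each closing qualifier in the thread."""
    out = {}
    for q in ("-all", "~all", "?all"):
        txt = dict(INCLUDED)
        txt["example.com"] = "v=spf1 include:bluehost.com include:_spf.google.com " + q
        out[q] = check_host(ip, "example.com", txt)
    return out
```

A sender inside either included range gets `pass` regardless of the closing term; only an unlisted sender sees the difference, and only `-all` yields a result (`fail`) that tells the receiver to treat the message as unauthorized.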