Security – Using “mx ptr” parameters in DNS SPF record

domain-name-systememailg-suiteSecurityspf

I'm trying to set up my SPF record to validate properly both for emails sent through Google Apps and for those sent from MailChimp's servers.

MailChimp's docs recommend this SPF record: v=spf1 mx ptr include:servers.mcsv.net ~all.

Google Apps' docs recommend this: v=spf1 include:_spf.google.com ~all.

My main concern is mx ptr. Given that Google's docs don't include mx ptr, can I safely combine the two SPF records to include mx ptr?

In other words, will this validate for both servers: v=spf1 mx ptr include:_spf.google.com include:servers.mcsv.net ~all?

Best Answer

According to the mail chimp documentation only include:servers.mcsv.net is needed, indicating that all emails sent through MailChimp will be sent from the MTA's included in the SPF record for servers.mcsv.net.

To allow emails sent from both Mailchimp and GMail/Google Apps, simply include both:

v=spf1 include:_spf.google.com include:servers.mcsv.net ~all

If you need to send emails as *@yourdomain.tld your self as well, include the IP address of your sending (outbound) MTA as well, either in the form of an IPv4 address:

v=spf1 ip4:87.65.43.21 include:_spf.google.com include:servers.mcsv.net ~all

Or (if the server sending and receiving emails is the same) use the MX:

v=spf1 mx include:_spf.google.com include:servers.mcsv.net

Best Answer

Related Solutions

Google Apps, SPF, softfail problem (validates with validation tools, but still softfails otherwise)

Permerror when testing multiple SPF records for Google Apps and MailChimp

Related Topic