
I am a bit confused about the creation of SPF records.

I have my hosting domain: hosting.mydomain.com, this is the hostname of the actual server running postfix etc.

I have configured my DNS like this:

mydomain.com
@       A    1.2.3.4 (mail  server IP)
@       MX   10 mail.mydomain.com
@       TXT  v=spf1 mx a a:hosting.mydomain.com ~all
hosting A    @
mail    A    1.2.3.4 (mail server IP)

Now do I need to include the a:hosting.mydomain.com in my SPF record?

And when I have another domain on the same server configured like this:

otherdomain.com
@       A    9.8.7.6 (web server)
@       MX   10 mail.otherdomain.com
@       TXT  v=spf1 mx a ~all
mail    A    1.2.3.4 (mail server IP)

Does this SPF record need to include a:hosting.mydomain.com?

I am running Webmin/Virtualmin but hosting the DNS externally. When I send email through the webmail the sender is always hosting.mydomain.com.

Are these SPF records correct?

Roger Far

1 Answer

When ISPs check SPF records, they resolve all domains in it to their IP.

So, the answer is: if 2 of your domains have the same IP, then you only need to include one of them. If the IPs are different, then you need to have both domains defined in your SPF record.

Alternatively, you can use the ip4 mechanism like so: ip4: using the IP address of the server where your sites are hosted.

Basically, the way SPF works, it looks at whether a certain domain allows mail to be sent from a certain IP.

James S.
  • Ah I see what you mean, the `otherdomain.com` wouldn't even need a SPF record then at all? – Roger Far Sep 06 '13 at 05:39
  • It would need it. I didn't explain it right. The easiest way to say it is: first you'll need to understand what servers will be sending mail on behalf of your domain. Then in the SPF record of that domain you can specify either a domain name of that server or its IP. If otherdomain.com has the same IP as mydomain.com, then your record v=spf1 mx a ~all is good; if otherdomain.com has a different IP but does use that mailserver, you'd need to include an IP4 or another a:mydomain.com. Also, if the MX record resolves to the A record of the mailserver, then you are all set. – James S. Sep 06 '13 at 05:54
  • I think you just have to swap your records. Like this: mydomain.com @ TXT v=spf1 mx a ~all /// otherdomain.com @ TXT v=spf1 mx a a:mydomain.com ~all This way otherdomain.com allows mail to be sent from mydomain's IP (as in A record, as well as from its own IP (a mx mechanism)). And – James S. Sep 06 '13 at 05:55
  • You can verify your records by mailing to emails listed here: http://www.port25.com/support/authentication-center/email-verification/ – James S. Sep 06 '13 at 06:00
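
The resolution of SPF mechanisms to IP addresses described in the answer, as an added example that is not part of the original question or answers: a Python evaluator run over constructed zone data copied from the question. It handles only the `a`, `mx`, `ip4` and `all` mechanisms, assumes `hosting A @` resolves to the apex address 1.2.3.4, and its function names are hypothetical.

```python
import ipaddress

# Constructed zone data mirroring the records in the question (not live DNS).
A = {
    "mydomain.com": ["1.2.3.4"],
    "mail.mydomain.com": ["1.2.3.4"],
    "hosting.mydomain.com": ["1.2.3.4"],  # assumption: "hosting A @" = apex IP
    "otherdomain.com": ["9.8.7.6"],
    "mail.otherdomain.com": ["1.2.3.4"],
}
MX = {"mydomain.com": ["mail.mydomain.com"],
      "otherdomain.com": ["mail.otherdomain.com"]}
TXT = {"mydomain.com": "v=spf1 mx a a:hosting.mydomain.com ~all",
       "otherdomain.com": "v=spf1 mx a ~all"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def mechanism_ips(mech, domain):
    """Return the networks one mechanism authorizes (a, mx and ip4 only)."""
    name, _, arg = mech.partition(":")
    if name == "ip4":
        return [ipaddress.ip_network(arg, strict=False)]
    target = arg or domain          # bare "a"/"mx" refer to the checked domain
    if name == "a":
        hosts = [target]
    elif name == "mx":
        hosts = MX.get(target, [])
    else:
        raise ValueError(f"mechanism not handled in this example: {mech}")
    return [ipaddress.ip_network(ip) for h in hosts for ip in A.get(h, [])]

def check_host(sender_ip, domain):
    """Evaluate the domain's SPF record left to right; first match wins."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none", None         # no SPF policy published for this name
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier], term
        if any(ip in net for net in mechanism_ips(mech, domain)):
            return QUALIFIERS[qualifier], term
    return "neutral", None
```

With these records `a:hosting.mydomain.com` adds nothing, because `mx` already matches 1.2.3.4, and `otherdomain.com` passes through its own `mx`. Receivers evaluate SPF against the envelope sender (MAIL FROM) or HELO domain, so mail whose envelope sender is at `hosting.mydomain.com` is checked against that name, which has no TXT record in the question's zone.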