-2

I have current TXT record for my domain:

```
v=spf1 a mx ip4:{ip-of-my-server} -all
```

Both email traffic and the website go to the same machine. Now, I have to point the website (A record) to another server. Will it break Sender Policy Framework - note the "a" in the TXT record?

If so, should I just strip "a" from the current TXT record or reconfigure the current record differently, and how?

Miloš Đakonović
  • That's not how it works. [Please read up on SPF](http://serverfault.com/questions/369460/what-are-spf-records-and-how-do-i-configure-them) then come back if you have any additional questions. – Chris S Mar 04 '14 at 16:04

2 Answers

3

The SPF record you have allows at least three entities to send mail claiming to be from your domain.

Using example.com as your domain, these entities are:

  1. The IP address obtained when you ask for the A record for example.com
  2. The IP address(es) obtained when you ask for the MX records for example.com and then ask for the A records of those addresses.
  3. The IP address listed after the ip4: string.

At the moment, all of these are the same IP address. After your proposed change, the A record for example.com will be a different IP address and that IP address will also be allowed to send email claiming to be from your domain. The IP addresses pointed to by your MX records and the raw ip4: entry will also still be able to send email claiming to be from your domain.

All other IP addresses will be forbidden from sending email claiming to be from your server. This is ensured by the -all at the end, which is a good thing.

TL;DR

In your case you don't need to change anything in your SPF when you change your web server's primary IP address. You will still be able to send email and no one else will be able to pretend to be you.

Ladadadada
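As an added illustration (not part of the answer above or of any SPF library), this sketch evaluates the question's record against constructed DNS data before and after the A record moves. It handles only bare `a`, `mx`, `ip4` and `all`; the documentation-range IPs and the `mail.example.com` MX target are assumptions.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SPF = "v=spf1 a mx ip4:192.0.2.10 -all"      # the question's record, constructed IP
SPF_NO_A = "v=spf1 mx ip4:192.0.2.10 -all"   # same record with "a" stripped

def make_zone(apex_ip):
    """Constructed DNS data; assumes the MX target is mail.example.com."""
    return {("example.com", "A"): [apex_ip],
            ("example.com", "MX"): ["mail.example.com"],
            ("mail.example.com", "A"): ["192.0.2.10"]}

def mechanism_ips(mech, domain, zone):
    """Addresses a bare "a" or "mx" mechanism resolves to for the domain."""
    if mech == "a":
        return zone.get((domain, "A"), [])
    if mech == "mx":
        return [ip for host in zone.get((domain, "MX"), [])
                for ip in zone.get((host, "A"), [])]
    return []  # include, redirect, macros etc. are out of scope here

def check_host(ip, domain, spf, zone):
    """Evaluate terms left to right; the first matching mechanism decides."""
    client = ipaddress.ip_address(ip)
    for term in spf.split()[1:]:  # skip "v=spf1"
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            matched = client in ipaddress.ip_network(mech[4:], strict=False)
        else:
            matched = any(client == ipaddress.ip_address(a)
                          for a in mechanism_ips(mech, domain, zone))
        if matched:
            return RESULT[qualifier]
    return "neutral"  # no mechanism matched and no "all" term

def audit(spf, zone):
    """SPF result for three constructed senders claiming example.com."""
    senders = {"mail": "192.0.2.10", "new-web": "198.51.100.20", "other": "203.0.113.5"}
    return {name: check_host(ip, "example.com", spf, zone) for name, ip in senders.items()}

if __name__ == "__main__":
    print("before move:", audit(SPF, make_zone("192.0.2.10")))
    print("after move: ", audit(SPF, make_zone("198.51.100.20")))
    print("after, no a:", audit(SPF_NO_A, make_zone("198.51.100.20")))
```

The last line shows the effect of stripping `a`: the mail server still passes through `mx` and `ip4`, while the new web host no longer does.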
0

You are mixing SPF with A and MX records.

Just create a new A record for the hostname you want to point to the other server. Don't change the SPF record unless you have to (e.g. add a new IP etc.).

The snippet you posted is correct SPF syntax. In fact, it contains the string A MX, but this is not related to A and MX records, nor does it have such an effect in terms of DNS records.

I'll try to explain this using some dig snippets.

Let this be the SPF record:

```
;; ANSWER SECTION:
mydomain.tld.       14400   IN      TXT     "v=spf1 +a +mx +ip4:88.xxx.xxx.xxx ?all"
```

Then we usually have the following records, which are independent of the above snippet. An SPF record can never replace missing A/MX records, nor does it affect those record types in any way.

Let this be the A record of my example (webserver):

```
;; ANSWER SECTION:
mydomain.tld.       600     IN      A       109.xxx.xxx.xxx
```

This is redirecting clients requesting mydomain.tld to the host with the IP 109.xxx.xxx.xxx.

And this is what makes mails arrive on the mailserver @ 88.xx.xx.xx:

```
;; ANSWER SECTION:
mydomain.tld.       14400   IN      MX      10 mail.mydomain.tld.

;; ADDITIONAL SECTION:
mail.mydomain.tld.  600     IN      A       88.xxx.xxx.xxx
```

The MX for mydomain.tld is pointing at the A record mail.mydomain.tld. As a result, mail is being sent to the mailserver with the IP 88.xxx.xxx.xxx.

justlovingIT