-2

I am familiar with the basics of SPF but I am having trouble determining exactly what I need for my setup.

I have my email done through Google Apps to send and receive email for my domain, example.com. Now I am adding Mailchimp Mandrill as a valid outgoing SMTP server for the same domain. I currently dont have an SPF record set up for Gmail.

When creating the SPF record for spf.mandrillapp.com, do I need to include gmail.com also? Or example.com? Or all three? Or only Mandrill?

Community
  • 1
Jeff
  • 335
  • 2
  • 4
  • 13
  • @MadHatter Thanks for that answer. It is helpful. However, it is a generic answer and I am seeking a specific answer. I admit that I am not an expert on SPF and that is why I came here. If this isn't a good venue to ask specific technical questions on SPF then are you able to refer me to a venue that can help me find my answer? – Jeff Mar 11 '15 at 22:15
  • I find it interesting that in that answer you acknowledge that you can't possibly give a valid answer "for the entire internet" in that space, and then you come here and vote to close when I am looking for a specific, valid answer. – Jeff Mar 11 '15 at 22:21
  • The answer in question is a [canonical](http://meta.serverfault.com/questions/1986/what-are-the-canonical-answers-weve-discovered-over-the-years) one. These are answers where the community has said all it is going to say on a class of subject, because although everyone's particular problems in that class are somewhat different, to the extent that they are interesting, they aren't different, and to the extent that they're different, they aren't interesting (to anyone save the questioner). So we write one answer that's designed to be the last word on the subject, and say no more. – MadHatter Mar 12 '15 at 07:08
  • I think that is a narrow view of what this community should be. If all questions must require canonical answers, then what is the point of asking questions at all? I can easily look up the SPF spec to get the complete documentation but that doesn't help me reach my solution. Likewise, your other answer does not give me what I need either. You yourself have asked questions that not many people think are interesting, so that is hardly a good argument as to why my question is inadequate. – Jeff Mar 12 '15 at 17:10
  • Please, don't set up straw men at which to tilt; I did not say that all questions require canonical answers, nor do I think anyone else did, nor do I think it's true. But there are *some* questions - you can see the list of them from my link above - where the same question comes back again and again, differing *only in the specifics of the question*. There is no end to answering those, because each person's answer is unique to their unique problem. We have decided as a community - whether you like it or not - that we're not interested in answering any more questions *like that*. – MadHatter Mar 12 '15 at 18:33
  • @MadHatter While I don't have any objection to a list of canonical answers as a policy, it should be noted that these answers can become stale over time. The 'How to stop people from using my domain to send spam?' answer is a good example - it doesn't even mention DMARC. A few years ago that would be fine, but in 2015 it's fair to say the existing answer is incomplete and needs revision. – Peter Goldstein Mar 12 '15 at 18:55
  • @MadHatter I misunderstood what you meant by bringing up the fact that this is classified as a canonical Q&A. Thanks for clarifying. My point remains though. All questions on this site can be considered specific variations of a canonical answer *somewhere*. It seems arbitrary for SF to just say, "We aren't going to help people out with these issues anymore event though the answer we provide is admittedly insufficient to help." You're right, I dont like the decision but I don't suppose there is much I can do about it. So I'll just keep rambling to you here ;) – Jeff Mar 12 '15 at 19:35
  • @PeterGoldstein good point - go for it (though it must be said that DMARC is a deeply, deeply hideous idea). SF is designed along the lines of a wiki, precisely so that it can be kept fresh and up-to-date. Propose an edit to the main canonical answer, or write a new answer, that brings things up-to-date. – MadHatter Mar 12 '15 at 19:50
  • @MadHatter We'll have to disagree on DMARC, but I'll see what I can do about proposing an edit/creating a new answer. Thanks for the guidance. – Peter Goldstein Mar 12 '15 at 20:32

1 Answers1

2

Yes, you should include Google's SPF include for this domain, even if no SPF record was set up previously.

Your record for example.com will probably look something like:

v=spf1 include:_spf.google.com include:spf.mandrillapp.com ~all

when all is said and done.

You don't need anything additional for example.com unless you are sending email directly (e.g. with Postfix or Sendmail) from another server.

Peter Goldstein
  • 181
  • 1