2

I have an email server (iRedMail on Ubuntu) where I host my personal domain and several other domains. Despite the fact that none of the domains spam, somehow MXToolbox tells me my server is on the Spamhaus ZEN blacklist. This server is a VERY low-traffic mailhost; the only domain that actually "sends" any quantity of email from the server is my personal domain, with me and my wife having our email accounts there. The remainder of the domains hosted are one small local startup non-profit that has one email address hosted for incoming email (currently ONLY incoming), another is a domain for a small business some friends and I are trying to start, and another is my eBay business. Anyway, enough background.

I'm trying to tighten up the server. MXToolbox already shows it's OK as to "open relay". But since everywhere I look says doing an SPF record on the DNS host is a good thing, I'm trying to set one up. What I'm seriously UNclear about is how I add the other domains that this server is supposed to send/receive mail for in the SPF record (I'm trying to use the SPF wizard at www.spfwizard.net). Do I need an SPF record on each domain referring to my personal domain (which is the domain the server "lives" in)? I have successfully (according to the MXToolbox SPF record checker) added an SPF record to my personal domain as follows:

frandin.org.  IN TXT "v=spf1 mx a ip4:23.94.39.114/32 ?all"

I guess my main question is: do I need an SPF record in each domain?

Jenny D
lvdave
  • I went back and read the linked question and I still don't understand whether I need an SPF record in DNS for each domain that my server handles mail for... – lvdave Nov 08 '15 at 15:50

2 Answers

2

SPF is an email authentication system for domains to authorize servers to send.

So yes, you should have an SPF record for each domain. If you are not going to manage all domains, but host/send email, you will want to have an SPF record that you manage, but they can use (include).

For yourself:

frandin.org.  IN TXT "v=spf1 mx a ip4:23.94.39.114/32 ?all"
_spf.frandin.org.  IN TXT "v=spf1 ip4:23.94.39.114/32 -all"

For customers:

example.org.  IN TXT "v=spf1 mx a include:_spf.frandin.org ?all"

I added _spf.frandin.org so your services and your business are separate. Say, for example, you want to be able to send emails for customers, but your customers use another system like MailChimp; they can add that SPF in addition to yours.

?all is fine to START, but you should switch to ~all and then -all ASAP, otherwise it's pointless.

Jacob Evans
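How a receiver evaluates the records in the answer above, as an added example (not part of the original answer): a simplified SPF evaluator in Python, run offline against those TXT records. The A/MX addresses for example.org, the sender address 198.51.100.7 and the name nospf.example are constructed, and only the ip4, a, mx, include and all mechanisms are handled.

```python
import ipaddress

# TXT records as shown in the answer above.
TXT = {
    "frandin.org": "v=spf1 mx a ip4:23.94.39.114/32 ?all",
    "_spf.frandin.org": "v=spf1 ip4:23.94.39.114/32 -all",
    "example.org": "v=spf1 mx a include:_spf.frandin.org ?all",
}
# Constructed A/MX answers so "a" and "mx" resolve offline (192.0.2.0/24 is documentation space).
HOSTS = {
    "frandin.org": {"a": ["23.94.39.114"], "mx": ["23.94.39.114"]},
    "example.org": {"a": ["192.0.2.10"], "mx": ["192.0.2.25"]},
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, txt=TXT, depth=0):
    """Simplified SPF check of sender `ip` against the envelope domain's record."""
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"          # the domain publishes no SPF policy at all
    if depth > 10:
        return "permerror"     # guard against include loops
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term[1:] if term[0] in RESULT else term
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            matched = ip in HOSTS.get(arg or domain, {}).get(name, [])
        elif name == "include":
            # include matches only when the included record says "pass";
            # the included record's -all is NOT inherited by the including domain.
            inner = check_spf(ip, arg, txt, depth + 1)
            if inner == "none":
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism/modifier not covered by this sketch
        if matched:
            return RESULT[qualifier]
    return "neutral"

if __name__ == "__main__":
    for ip, dom in [("23.94.39.114", "example.org"), ("198.51.100.7", "example.org"),
                    ("23.94.39.114", "nospf.example")]:
        print(ip, dom, check_spf(ip, dom))
```

The lookup is keyed on the envelope sender's domain, so a hosted domain with no TXT record of its own gets `none` even when the mail leaves from 23.94.39.114, and an unknown sender for example.org only gets `neutral` until its `?all` is tightened.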
0

As a personal recommendation, test your mailserver configuration with mail-tester. You send an email to the email address you see on the page and check the score. It will give you a score based on some common configuration best practices.

A cool thing is that the website even offers you the SPF records you need to set on your DNS host.

Related to SPF are DKIM and DMARC; check them out on how to improve your inbox 'hit' rating.

Mihai T.
  • Thank you everybody!! I was familiar with MXToolbox, but not mail-tester. I have admin access to all of the domains' DNS records, so I can add SPFs to those also. Will check out mail-tester... – lvdave Nov 11 '15 at 17:05