-1

I would like to add a second SPF TXT record to my domain, allowing an external mail-server to send emails from my domain so it won't be classified as spam on the receiving end. I've read that I should not create two separate TXT records, but combine them into one.

There's currently a mail-server running on my domain as well, and it has this TXT record:

v=spf1 +a +mx -all

The one that I have to add to allow the external server is:

v=spf1 a mx include:spf.externaldomain.com ~all

I've found related questions on how to combine two records with two include:'s, but as my existing record has a +a +mx and -all, and the second one a mx and ~all, I'm not sure how to combine them. Obviously, I still want the record for my mail-server on my domain give the correct SPF replies as well.

Ela782
  • 99
  • 1

1 Answers1

2

Do you really know what are you trying to achieve here? Your original (short) record seems fine, at least much better than the other one, which simply does nothing. Any SPF record without -all as a policy makes little sense, because it won't prevent unlisted addresses from claiming to be from your domain.

If you have full control over externaldomain.com domain, you can go with including that domain's dedicated SPF record (if it has one). If that domain is not yours, I'd rather avoid the include:... as it gives away control on your domain's policy to another administrator. In the latter case simply add another ipv4:, ipv6:, or a:-type entry, pointing to the current, foreign mail server, in your own record. The single disadvantage of doing so is that if the address or domain name of the foreign MTA changes, you may need to update your records.

However, my solution of choice in cases like that is to route the mails via your own MTA. This simply beats any SPF problems.

sam_pan_mariusz
  • 2,053
  • 1
  • 12
  • 15