10

EDIT : How to Mix the different mechanisms (a , mx , ip4 , ptr and include) to create single SPF file from 4

I know that 2 simple SPF records like

v=spf1 include:_spf.google.com ~all
v=spf1 include:otherdomain.com ~all

can be merged to one as

v=spf1 include:_spf.google.com include:otherdomain.com ~all

I have bit more complex SPF records with mechanisms like a mx ip4 ptr and include as shown below

v=spf1 a mx ptr include:icpbounce.com include:spf.mandrillapp.com ~all    
v=spf1 mx ip4:x.x.x.x include:mktomail.com ~all     
v=spf1 mx ip4:y.y.y.y include:mktomail.com ~all    
v=spf1 include:spf.mandrillapp.com ?all

How can merge all this to one TXT record, as mandrilapp is giving me an error

has more than one TXT record that looks like an SPF record

I cant try a trial and error as its in production and i am very new to this SPF domain

Oxi
  • 219
  • 1
  • 2
  • 7
  • @MadHatter : i am trying here is - How to Mix the different mechanisms (a , mx , ip4 , ptr and include) to create single SPF file from 4 – Oxi Apr 14 '16 at 08:28
  • The linked question is a [canonical](http://meta.serverfault.com/q/1986/55514) one. These are questions where the community has said all it is going to say on a class of subject, because although everyone's particular problems in that class are somewhat different, to the extent that they are interesting, they aren't different, and to the extent that they're different, they aren't interesting (to anyone save the questioner). So we write one set of answers designed to be the last word on the subject, and say no more. – MadHatter Apr 14 '16 at 09:03
  • I believe you can just run them all into one line, but your SPFs don't make sense anyway. Why would you want to include spf.mandrillapp.com with both soft-fail and neutral? And for your mulitple ipv4 addresses you again have one line with 'ip4:x.x.x.x ip4:y.y.y.y' etc. Go and review the canonical question and the SPF syntax. – BlueCompute Apr 14 '16 at 09:22
  • i get it now, mandril gives me an error without SPF, so i need something for the namesake. so i will try `~all` – Oxi Apr 14 '16 at 10:17
  • 2
    @MadHatter I disagree. If SO would only allow canonical questions, it wouldn't be the helpful place as it is today for us mortal soles. Just stop flagging questions as a duplicate when the OP has clearly put an effort trying to distinguish his question making it much more specific than some canonical parent. – Chris Nov 07 '16 at 13:23
  • @Chris 1) this is SF, we're a bit different to SO; 2) souls; 3) the effort put in by the OP is not relevant unless (s)he has explicitly addressed the canonical question and shown *how* his/hers is different, which is not the case here; 4) in brief, no, I will continue to flag duplicates where I see them (and since generally several other high-rep users have to agree with me before a question is so closed, it's not just me you have a beef with). Take this to meta if you want to continue the discussion; this is not the place for it. – MadHatter Nov 07 '16 at 13:30
  • 3
    I'm with you @Chris. The canonical answer does not do it for me. This is my exact question and issue and it is not addressed in canonical. "other high-rep users agree" is not relevant to me. – Aaron Jan 05 '17 at 00:53

1 Answers1

7

You can combine them all like this.

v=spf1 a mx ptr ip4:x.x.x.x ip4:y.y.y.y include:mktomail.com include:icpbounce.com include:spf.mandrillapp.com -all   

I recommend changing the ~all to -all - the whole point in setting up authentication in the first place is to make it fail when it's violated. Then test sending emails from all the different places to a testing tool like mailtest@unlocktheinbox.com. To ensure the SPF passes from each send point.

Henry
  • 910
  • 1
  • 5
  • 17
  • ptr is not recommended and can be removed: https://serverfault.com/questions/655919/do-i-need-to-set-up-ptr-record-in-spf-setting – Sire Dec 05 '19 at 09:19