Correct Syntax for a SPF record

Question

I want to create a SPF record for multiple subdomains, but I have no clue how to write a correct syntax. Since I am writing an application and it is not yet running live so I cannot yet test it.

But I have a number of subdomains e.g. : * api.myservice.com * booking.myservice.com * partner.myservice.com

I know how to make a record for a single domain. v=spf1 mx ptr a:server01.hosting.com mx:api.myservice.com ip4:123.12.12.14 ~all

But now I would like to add all three or more domains in the SPF record, what would be the syntax for that? Or can I simply add more PTR records? I have heard it is strongly disadvised.

Answer 1

No adding PTR records is not a good way to validate domain ownership.

If you want to share a single spf record with multiple domains, you want to include them

@ IN TXT "v=spf1 mx ptr a:server01.hosting.com mx:api.myservice.com ip4:123.12.12.14 ~all"
api.myservice.com IN TXT "v=spf1 include:myservice.com -all"
booking.myservice.com IN TXT "v=spf1 include:myservice.com -all" 
partner.myservice.com IN TXT "v=spf1 include:myservice.com -all"

If you are hosting services that you may use for other companies, I would suggest a special record for those services separate from the business

@ IN TXT "v=spf1 mx a:server01.hosting.com mx:api.myservice.com ip4:123.12.12.14 ~all"
_spf IN TXT "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/64 -all"
api.myservice.com IN TXT "v=spf1 include:_spf.myservice.com -all"
booking.myservice.com IN TXT "v=spf1 include:_spf.myservice.com -all" 
partner.myservice.com IN TXT "v=spf1 include:_spf.myservice.com -all"

the other option of having the a:api.myservice.com record for each service, also not a great idea due to 10 domain lookup caps.

• Avoid using PTR Records, you know that the IP Address is, summarize them if you can (cdir notation)

• Do not exceed 10 Domain Lookup (don't use A/MX if you know the addresses of your mx and manage their A records)