I am trying to troubleshoot an email delivery issue, and I think I have tracked it down to our SPF record being out of date. Right now, as below, our SPF record has our domain name, the external IP address that all internal servers appear to be coming from (due to NAT) and the names of three servers that sent emails (from applications, not our email server).
domain.com. IN TXT "v=spf1 ip4:XXX.XXX.XXX.XXX mx ptr a:server1 a:server2 a:server3 ~all"
After some review, I am wondering if I need to use the FQDN of the servers, and also whether I need to use the FQDN of the mail server (which I thought was covered by the "mx" entry)?
In other words:
domain.com. IN TXT "v=spf1 ip4:XXX.XXX.XXX.XXX mx ptr a:exchange.domain.com a:server2.domain.com a:server3.domain.com ~all"
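A small SPF linter for the two record shapes in the question, as an added example that is not part of the original post. It flags `a:`/`mx:`/`include:` targets that are not fully qualified (the RFC 7208 section 7.1 grammar requires a domain-spec to end in a dot-separated top label), flags `ptr`, and counts DNS-querying terms against the limit of 10. The records use a placeholder IP and `example.com`; `lint_spf` and `is_fqdn` are hypothetical names, the FQDN check is simplified, and SPF macros are not handled.

```python
import re

# Terms that cost a DNS query; RFC 7208 section 4.6.4 caps these at 10.
DNS_TERMS = {"a", "mx", "ptr", "include", "exists", "redirect"}
# qualifier, name, optional ":" or "=" target, optional CIDR suffix
MECH_RE = re.compile(r"^[+\-~?]?([A-Za-z0-9]+)(?:[:=]([^/]+))?(?:/.*)?$")
LABEL_RE = re.compile(r"^[A-Za-z0-9_-]+$")

def is_fqdn(name):
    """Simplified check: two or more labels, last label not purely numeric."""
    labels = name.rstrip(".").split(".")
    return (len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels)
            and not labels[-1].isdigit())

def lint_spf(record):
    """Return (findings, dns_lookups) for one SPF TXT string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [(record, "does not start with v=spf1")], 0
    findings, lookups = [], 0
    for term in terms[1:]:
        m = MECH_RE.match(term)
        if not m:
            findings.append((term, "unparseable term"))
            continue
        name, target = m.group(1).lower(), m.group(2)
        if name in DNS_TERMS:
            lookups += 1
            if target is not None and not is_fqdn(target):
                findings.append((term, "target is not a fully qualified domain name"))
        if name == "ptr":
            findings.append((term, "ptr should not be published (RFC 7208 section 5.5)"))
    if lookups > 10:
        findings.append((record, f"{lookups} DNS-querying terms exceed the limit of 10"))
    return findings, lookups

# Constructed records modelled on the two in the question.
SHORT_NAMES = "v=spf1 ip4:192.0.2.10 mx ptr a:server1 a:server2 a:server3 ~all"
FULL_NAMES = ("v=spf1 ip4:192.0.2.10 mx ptr a:exchange.example.com "
              "a:server2.example.com a:server3.example.com ~all")

if __name__ == "__main__":
    for rec in (SHORT_NAMES, FULL_NAMES):
        findings, lookups = lint_spf(rec)
        print(lookups, "DNS-querying terms")
        for term, msg in findings:
            print("  ", term, "->", msg)
```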