SPF to allow all servers in domain to send email
Posted on 2014-09-29
We recently got added an SPF record
v=spf1 include:spf.protection.outlook.com -all
in our DNS, when migrating to office365 - however, the guys forgot that we send email from some additional in-house servers as well. Those emails now get rejected by SPF-aware recipients.
Our domain (let call it company-com) contains A records for our mail-sending servers srv1.company.com and srv2.company.com and we've got PTR records in place to resolve the servers ip addresses back to their names.
And now, of course, we need to fix the SPF record that was added to the DNS
As both srv1 and srv2 are listed with A-records in our domain, I thought that adding a "+a" would fix it:
v=spf1 +a include:spf.protection.outlook.com -all
However, that doesn't seem to work. If I add "ip4:126.96.36.199 ip4:188.8.131.52" (ip address to srv1 and srv2) it seems to work ok, but I'd rather not bind this to the ip addresses.
Isn't the +a method the correct way to do this?