<div>
SPF has nothing to do with mailboxes. &nbsp;It is a special DNS record that tells other mail servers, that are SPF aware, what servers are authorized to send emails for specific DNS domains.<br />
<br />
Info about SPF:<br />
1. <a href="http://www.openspf.org/Project_Overview" rel="ugc">http://www.openspf.org/Project_Overview</a><br />
2. <a href="http://en.wikipedia.org/wiki/Sender_Policy_Framework" rel="ugc">http://en.wikipedia.org/wiki/Sender_Policy_Framework</a><br />
<br />
If you want to create a SPF record for a domain, you could use the following online wizards to help you create a properly formatted DNS record:<br />
<br />
1. <a href="http://www.spfwizard.net/" rel="ugc">http://www.spfwizard.net/</a><br />
2. <a href="http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/" rel="ugc">http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/</a><br />
&nbsp;<br />
Dan
</div>


<div>
You can test out your SPF record using this online tool:<br />
<br />
<a href="http://mxtoolbox.com/spf.aspx" rel="ugc">http://mxtoolbox.com/spf.aspx</a><br />
<br />
Dan
</div>


<div>
Thanks Dan, so in answer to my question &quot;Their request appears to grant them the ability to send-as on any of our mailboxes, is this the case?&quot;
</div>


<div>
Yes, sorry Dan I get that and realise my question should have been rephrased to avoid any mention of mailboxes, however your answer has made it even more clear to me and I appreciate the comprehensive clarification.<br />
What I really wanted to know was, could this be open to abuse? - I am effectively giving this company permission to send through my DNS and look like it is coming from us - I guess it raised my sysadmin alarm bells and wondered if I could put something in place to only allow them to send e-mails that match customerservice@mydomain.c<wbr />om - which, I am assuming will not be possible.
</div>


<div>
<blockquote>
What I really wanted to know was, could this be open to abuse?
</blockquote>
- theoretically yes, it could be abused. &nbsp;Since this is a third party, who know what goes on in/on their servers. &nbsp;There could be any number of things that could allow something to go wrong. &nbsp;Hardware issues, software issues or misconfigurations... and let's no forget the people managing those servers or the people using.<br />
<br />

<blockquote>
wondered if I could put something in place to only allow them to send e-mails that match customerservice@mydomain.c<wbr />om 
</blockquote>
- see question 4 below.<br />
<br />
My questions are:<br />
1. why was this requested?<br />
2. for what purpose will it be utilized?<br />
3. is this an IT use or a Business use case?<br />
4. could you give them an account on your mail server and grant them secure access to it? (think Exchange and OWA)<br />
4a. would this solve the use case?<br />
<br />
Dan
</div>


<div>
Excellent and comprehensive answers to my questions.
</div>


<div>
<div class="content wysiwyg-content">
I have been asked by a company to configure my SPF record (presumably done through my mail host site i.e. names.co.uk) to allow their domain the ability to send-as on one of our mailboxes. &nbsp;Their request appears to grant them the ability to send-as on any of our mailboxes, is this the case? &nbsp;I am not sure how they can only have access to that particular e-mail address e.g. customerservice@mydomain.c<wbr />om.<br />
<br />
Thanks
</div>
</div>


I have been asked by a company to configure my SPF record (presumably done through my mail host site i.e. names.co.uk) to allow their domain the ability to send-as on one of our mailboxes.  Their request appears to grant them the ability to send-as on any of our mailboxes, is this the case?  I am not sure how they can only have access to that particular e-mail address e.g. customerservice@mydomain.com.

Thanks

How do I add a domain to my SPF record to only allow them to send from one mailbox account?

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. A MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP). The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.