How to create reverse spf and the correct syntax

An external company has asked me to create reverse spf so that they can send on behalf of our domain.
How do I action this? I know this is created on our domain's external DNS however, I am keen to understand the correct syntax.
Please note they have supplied multiple IP address that they could be sending from if that makes any difference?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Marcus BointonCommented:
There's no such thing as a reverse SPF. You should not add all their IPs, you just need to add an 'include' clause in your own SPF to pull in their allowed sources, something like:

v=spf1 a mx ~all

Open in new window

Squinky is correct, there is no "reverse" spf record.  

You can include their domain name like the example Squinky has, or if they have specific IP address you can include those IP addresses

Including the domain name requires that all of the IP addresses they use to send e-mail have PTR records setup properly.
DrDave242Senior Support EngineerCommented:
Note that the include mechanism only works if the specified domain has a valid SPF record. Essentially, their SPF record is processed as part of processing yours. If you trust them and/or have evaluated their SPF record yourself, go ahead and use that mechanism, but just know that you're allowing whatever servers are encompassed by their SPF record to send mail on behalf of your domain. This includes any include mechanisms that their own SPF record contains.

If they gave you a set of IP addresses, you can simply use the ip4 mechanism to add only those addresses, like so:
v=spf1 ip4: ip4: ip4: ip4: a mx ~all

Open in new window

One advantage of this arrangement is that you're only allowing certain specific addresses. It also requires less work for a server to check an IP address, as there are no DNS queries involved (but that work is being done by the receiving server, so it's not really your concern anyway). One disadvantage is that, if any of the public IP addresses of the sending servers change for whatever reason, the SPF record has to be updated accordingly.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.