Aleks

asked on

SPF to send emails from their own server and ours

We have a web application that uses the client email to send email 'from'. We want to add an SPF record on the client's DNS (text records) to allow this. I need to confirm the syntax before I do so.

v=spf1 a mx a:mail.domain.com mx:domain.com ip4:XX.XX.XXX.XX ~all


"domain" being their domain name
XX.XX.XXX.XX being the IP of the server that hosts the web application

Please let me know if you think this looks correct or if any changes are needed. Also, what is the difference between mail.domain.com and domain.com?

David Favor

Best use https://dmarcian.com/spf-survey/ or similar online tool to verify your records.

Attempting to guess at correct records for any domain is complex, as each setup can contain many variations.

Best to just publish your SPF records as you think they should be written + use an SPF tester to verify they're correct.
Aleks

ASKER

I tried and got an error saying that there is more than one SPF record. I understand that then I can only have one TXT record for SPF?
You can try to use the INCLUDE function in your SPF to include another SPF record.

v=spf1 a mx a:mail.domain.com mx:domain.com ip4:XX.XX.XXX.XX include:_spf.otherdomain.com ~all
Aleks

ASKER

So if I want the domain to be able to send from different servers, I should include and use the IP for each additional server?
Aleks

ASKER

Also, I only have the IP, not the domain.
SPF is a verification record. If you send email to someone, their server will check your DNS, and if it finds that your email was sent from a different server (name or IP), it will reject the email; but if this server name and IP are included in your DNS, then all is going to be OK.
In your case, if you want to send email from a different domain pretending it's your legit email, you must include your server information in the other DNS (SPF) record.
Aleks

ASKER

I understand that. What I need is the syntax of the SPF. This is the scenario:

www.abc.com 

That is my client domain and they have their own mail server. Now they want to allow our servers to send email on their behalf.

They need to add an SPF record to do this. If our IP is: 111.11.11.111. And the second mail server is 22.222.22.222.

What should the SPF look like to allow sending legitimate emails from all 3 servers?
SOLUTION
Tom Cieslik

This solution is only available to members.
Aleks

ASKER

OK. So let's say my domain is www.domain.com and theirs is www.abc.com.
And I have 50 other domains using the application; what should my SPF record look like?

I was under the impression they need to add our IP to their record.

I use Zendesk and I needed to add an SPF record with their domain into my own to allow them to send email on my behalf. I don't see why this is any different.
SOLUTION
This solution is only available to members.
Aleks

ASKER

That sounds like what I thought would work. Can we use the client's domain, another domain and an IP? That is what I currently have. And I understand this record will be added in the client's domain. What would the syntax be if the information entered is a domain and not an IP?
Do I also need to include their own domain in the record, or just our servers?

One of our servers is: www.abc.com
The other, let's say, is 11.11.11.111
The client's domain, say, is: www.domainclient.com

Would this be correct?

v=spf1 mx: www.domainclient.comn mx:www.abc.com  ip4:11.11.11.111  -all

Aleks

ASKER

Also, for our own domain we have issues with our SPF record. I tried validating it with the website above but I am getting a couple of errors. I am not sure if I can post the errors here without posting the domain name.

This is our current SPF record, which allows sending from our email server, our website (different IP), our web application, and Zendesk.
It seems there is some misconfiguration.

v=spf1 a mx a:mail.ourdomainname.pro mx:ourdomainname.pro ip4:11.11.11.11 ip:22.22.22.22 ip:33.33.33.33 include:mail.zendesk.com ~all 

v=spf1 mx: www.domainclient.com mx:www.abc.com  ip4:11.11.11.111  -all

If you're going with something like this, you'll want to remove the www from both of those domain names. The MX mechanism means that any servers listed in the MX records of the specified domain are allowed to send. You should be aware of two things when using the MX mechanism:
  • It can result in a lot of DNS lookups, because each MX record resolves to an A record, which in turn must be resolved to an IP address. If there are a lot of MX records, you can run up against the lookup limit for SPF (10), but this isn't likely in your case.
  • MX records indicate the servers that receive mail for a domain, but SPF is concerned with the servers allowed to send mail on behalf of that domain. If the domain in question uses different servers for sending and receiving, the sending servers won't be the ones in their MX records.

One of our servers is: www.abc.com
Oops, I missed that. You'd want to use a:www.abc.com to permit the server with that name to send mail. Your overall record would look like this:

v=spf1 ip4:11.11.11.111 a:www.abc.com mx:domainclient.com -all

The effect of this record will be that the following servers are allowed to send mail on behalf of the domain that publishes the record:
  • The server with IP address 11.11.11.111
  • The server with public DNS name www.abc.com
  • Any server listed in the MX record set of the domainclient.com domain.
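An offline syntax check for the records quoted in this thread, added here as an illustration and not written by any of the participants. It applies the points raised above (exactly one SPF record per domain, valid mechanism names, no space after the colon, the limit of 10 DNS-querying terms) plus the rule that nothing after `all` is evaluated; it does not query DNS or follow `include:` targets, so the lookup count covers only the record itself. The function name `lint_spf` and the constant names are assumptions of this example.

```python
import ipaddress

# Terms that each cost one DNS query during evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}
KNOWN_TERMS = LOOKUP_TERMS | {"all", "ip4", "ip6", "exp"}
MAX_LOOKUPS = 10

def lint_spf(txt_records):
    """Return a list of problems in a domain's TXT records. Makes no DNS queries."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    problems, lookups = [], 0
    terms = spf[0].lower().split()[1:]
    for pos, term in enumerate(terms):
        body = term[1:] if term[0] in "+-~?" else term  # drop the qualifier
        if body.startswith(("redirect=", "exp=")):
            name, arg = body.split("=", 1)
        else:
            name, _, arg = body.partition(":")
            name = name.split("/")[0]  # "a/24" and "mx/24" carry a CIDR length
        if name not in KNOWN_TERMS:
            problems.append(f"{term}: unknown mechanism")
            continue
        if body.endswith((":", "=")):
            problems.append(f"{term}: missing value (no space allowed after ':')")
            continue
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
                if net.version != int(name[2]):
                    problems.append(f"{term}: address family does not match {name}")
            except ValueError:
                problems.append(f"{term}: not a valid address or network")
        if name == "mx" and arg.startswith("www."):
            # Heuristic taken from the answer above: mx wants a mail domain.
            problems.append(f"{term}: use the bare domain with mx, or a: for a host")
        if name == "all" and pos != len(terms) - 1:
            problems.append(f"{term}: terms after 'all' are never evaluated")
        lookups += name in LOOKUP_TERMS
    if lookups > MAX_LOOKUPS:
        problems.append(f"{lookups} DNS-querying terms, limit is {MAX_LOOKUPS}")
    return problems

# Records quoted in the thread, used as sample input.
GOOD = "v=spf1 ip4:11.11.11.111 a:www.abc.com mx:domainclient.com -all"
DRAFT = "v=spf1 mx: www.domainclient.comn mx:www.abc.com  ip4:11.11.11.111  -all"
OWN = ("v=spf1 a mx a:mail.ourdomainname.pro mx:ourdomainname.pro ip4:11.11.11.11 "
       "ip:22.22.22.22 ip:33.33.33.33 include:mail.zendesk.com ~all")
```

Passing `[GOOD, OWN]` together reproduces the "more than one SPF record" error mentioned earlier in the thread; a clean result here only means the syntax parses, so the published record still needs checking with an online SPF tester.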
ASKER CERTIFIED SOLUTION
This solution is only available to members.