Difference between a:mail.domain.com and include:mail.domain.com

In-house Exchange was sending through an outbound/off-site spam filter, but now we need an SPF for sending out of our organization's network. I have seen this done with both an v=spf1 a:mail.domain.com ~all and v=spf1 include:mail.domain.com ~all. What is the difference between a and include when setting up an SPF record? No links please, most of them don't make sense, are too abstract, or are unclear - explain in real-world language/scenarios the difference and why one might be more appropriate than another in a given scenario. mail.domain.com properly resolves to the public static IP address of the organization, so maybe it doesn't matter, but here to find out :)

LVL 33
PowerEdgeTechIT ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PowerEdgeTechIT ConsultantAuthor Commented:
Oh, geez ...
Seth SimmonsSr. Systems AdministratorCommented:
the difference really comes down to scope - either looking for a specific type of record (such as A or MX) or any record for that domain
using "a" simply refers to matching the dns A record for a mail host
if your mail host is and it sends a message to a user at gmail, google will do an spf check
if you have "a" defined in your spf record and your outgoing IP address of the mail server matches your dns A record then you're good

same applies if you specified MX in your spf record...in that example, google will look to see if the sending IP address matches the A record that the MX record is pointing to
using "include" would specify the domain name.  i've never had to use it and not sure in what use case it would apply, but i have been able to use just A and MX for SPF records in places i've worked.  that has been the simplest way i've found.  a much larger, more complex environment might need to use "include".

where i work now, i only put an IP address (using ip4 instead of A or MX in the spf record) which matches the A record for that host

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Aplogies PoweEdge Tech if you felt my response was too brief.  I like links to content that I can learn from personally, but realise you may have preferred a concise answer for a "hit and run" on the subject.
PowerEdgeTechIT ConsultantAuthor Commented:
Sorry, I didn't mean to neglect this question ... I thought I'd get more hits on it. Thank you for your thoughts, Seth. I'm not sure I came away from this with much greater understanding, but maybe what I did take away is that it doesn't really matter :) include: seems to be much more common, but a: seems to work just as well, as does IP. Just like all things IT, there are multiple ways to do things.

MB ... your answer wasn't just brief, it wasn't really an answer at all. I don't need you to google for me - your link is the top result for any query with "spf" in it. It also violates EE's etiquette for answering questions. I saw it when doing my own research, and visited it several times, but the specification isn't always the best place to get real-world advice and experience, which is what I was asking for. I also asked specifically for NO LINKS. Hence, my frustration with your response. That said, thank you for your overall presence and participation on EE.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.