DNS zone file SPF configuration to support sending mail from multiple servers and gmail
Posted
by Tauren
on Server Fault
See other posts from Server Fault
or by Tauren
Published on 2010-03-13T04:58:19Z
Indexed on
2010/03/13
5:05 UTC
Read the original article
Hit count: 435
I want to configure SPF on a domain to allow mail to be sent from:
- the x.com website server (x.com and www.x.com - both at same IP)
- it's MX servers (smtp.x.com, mx.x.com, mail.x.com)
- another server that isn't listed as an MX server (somehost.x.com)
- via gmail using an account that has authenticated use of [email protected]
Will this zone file work? If not, what are the problems with it?
$ttl 38400
@ IN SOA ns1.x.com. hostmaster.x.com. (
201003092 ; serial
8H ; refresh
15M ; retry
1W ; expire
1H ) ; minimum
@ NS ns1.x.com.
@ NS ns2.x.com.
@ MX 10 mx.x.com.
@ MX 20 smtp.x.com.
@ MX 30 mailhost.x.com.
; SPF records
@ IN TXT "v=spf1 a mx a:somehost.x.com include:_spf.google.com ~all"
mx IN TXT "v=spf1 a -all"
smtp IN TXT "v=spf1 a -all"
mailhost IN TXT "v=spf1 a -all"
Questions:
- Is _spf.google.com the right thing to include for gmail.com, or is it only for Google Hosted Apps? If only for Google Apps, what should I include to send from gmail.com?
- If mail shouldn't be sent from anywhere else, is it safe to use -all instead of ~all?
- Does it make sense to add specific SPF records for each of the mail servers?
- Any other problems with the zone file?
I want to confirm these things before making changes to my zone file. The file has SPF configured basically the same now, just without google.com and somehost, but I want to make sure I won't break things when I change it.
© Server Fault or respective owner