DNS zone file SPF configuration to support sending mail from multiple servers and gmail

Posted by Tauren on Server Fault
Published on 2010-03-13T04:58:19Z Indexed on 2010/03/13 5:05 UTC

I want to configure SPF on a domain to allow mail to be sent from:

  • the x.com website server (x.com and www.x.com - both at same IP)
  • its MX servers (smtp.x.com, mx.x.com, mail.x.com)
  • another server that isn't listed as an MX server (somehost.x.com)
  • via gmail using an account that has authenticated use of [email protected]

Will this zone file work? If not, what are the problems with it?

$ttl 38400
@           IN      SOA     ns1.x.com. hostmaster.x.com.  (
                                      201003092 ; serial
                                      8H    ; refresh
                                      15M   ; retry
                                      1W    ; expire
                                      1H )  ; minimum
@           NS  ns1.x.com.
@           NS  ns2.x.com.

@           MX  10 mx.x.com.
@           MX  20 smtp.x.com.
@           MX  30 mailhost.x.com.

; SPF records
@          IN      TXT "v=spf1 a mx a:somehost.x.com include:_spf.google.com ~all"
mx         IN      TXT "v=spf1 a -all"
smtp       IN      TXT "v=spf1 a -all"
mailhost   IN      TXT "v=spf1 a -all"

Questions:

  1. Is _spf.google.com the right thing to include for gmail.com, or is it only for Google Hosted Apps? If only for Google Apps, what should I include to send from gmail.com?
  2. If mail shouldn't be sent from anywhere else, is it safe to use -all instead of ~all?
  3. Does it make sense to add specific SPF records for each of the mail servers?
  4. Any other problems with the zone file?

I want to confirm these things before making changes to my zone file. The file has SPF configured basically the same now, just without google.com and somehost, but I want to make sure I won't break things when I change it.
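
The SPF records from the zone file above, run through an offline linter. This is an added example, not part of the original post: it applies the qualifier and DNS-lookup-limit rules of RFC 7208, resolves nothing (so terms inside `include:_spf.google.com` are not counted), and the function names are illustrative.

```python
import re

# RFC 7208 qualifier -> result returned when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a lookup
LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4; exceeding it yields permerror

MODIFIER = re.compile(r"^([a-z][a-z0-9_.-]*)=(.*)$", re.I)
MECHANISM = re.compile(r"^([+?~-]?)([a-z0-9]+)(?:[:/](.*))?$", re.I)

# The four TXT records from the zone file in the question, keyed by owner name.
ZONE_RECORDS = {
    "x.com": "v=spf1 a mx a:somehost.x.com include:_spf.google.com ~all",
    "mx.x.com": "v=spf1 a -all",
    "smtp.x.com": "v=spf1 a -all",
    "mailhost.x.com": "v=spf1 a -all",
}

def parse_spf(record):
    """Return a list of (result, name, argument) tuples for one SPF record."""
    version, *terms = record.split()
    if version.lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    parsed = []
    for term in terms:
        mod = MODIFIER.match(term)
        if mod:  # name=value terms such as redirect= or exp=
            parsed.append(("modifier", mod.group(1).lower(), mod.group(2)))
            continue
        mech = MECHANISM.match(term)
        if not mech or mech.group(2).lower() not in MECHANISMS:
            raise ValueError("unknown mechanism: %r" % term)
        qualifier, name, arg = mech.groups()
        parsed.append((QUALIFIERS[qualifier or "+"], name.lower(), arg))
    return parsed

def lint(record):
    """Summarise one record: top-level lookup count, default result, warnings."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    lookups = sum(name in DNS_TERMS for name in names)  # top-level terms only
    default = next((res for res, name, _ in terms if name == "all"), None)
    warnings = []
    if "all" in names and any(
            res != "modifier" for res, _, _ in terms[names.index("all") + 1:]):
        warnings.append("mechanisms after 'all' are never tested")
    if lookups > LOOKUP_LIMIT:
        warnings.append("more than %d DNS-querying terms" % LOOKUP_LIMIT)
    return {"lookups": lookups, "default": default, "warnings": warnings}
```

Calling `lint(ZONE_RECORDS["x.com"])` reports the result a receiver assigns to any sender that matches none of the listed mechanisms: `softfail` for `~all`, `fail` for `-all`.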
