How to set SPF record?


Solution 1

You will need a TXT SPF record for each domain.

The following reason explains why:

If you send me an email from mail.example.com (as your postfix server) and claim to be [email protected] then my server (SPF capable) would look up the SPF record of domain1.com.

It would be specifically looking in the TXT SPF record of domain1.com for the mention of mail.example.com and whether it is permitted to send emails on behalf of domain1.com.

(http://www.openspf.org/FAQ/What_it_does)

Solution 2

I suggest you set up the SPF record for example.com as:

v=spf1 mx -all

(assuming mail.example.com is the MX for example.com) then set all of the virtual domains' SPF records as:

v=spf1 redirect=example.com

so all further changes would be done on the example.com record.

Of course, these are suggestions; feel free to customize for your case.
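Added example (not part of the answers above): a minimal SPF evaluator run against a constructed in-memory zone, showing how a receiver resolves `redirect=example.com` and `mx`, and how many DNS queries `mx`, `a:` and `ip4:` each cost. It covers only a subset of RFC 7208; the zone contents, the `a:`/`ip4:` records on domain2.com and domain3.com, the unpublished domain4.com, and the 192.0.2.25 address are assumptions.

```python
import ipaddress

# Constructed sample zone (documentation addresses), not real DNS data.
ZONE = {
    ("example.com", "TXT"): ["v=spf1 mx -all"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("domain1.com", "TXT"): ["v=spf1 redirect=example.com"],
    ("domain2.com", "TXT"): ["v=spf1 a:mail.example.com -all"],
    ("domain3.com", "TXT"): ["v=spf1 ip4:192.0.2.25 -all"],
    # domain4.com publishes no SPF record at all
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, zone=ZONE):
    """Evaluate ip against domain's SPF policy; return (result, dns_queries)."""
    queries = 0
    def lookup(name, rtype):
        nonlocal queries
        queries += 1
        return zone.get((name, rtype), [])

    addr = ipaddress.ip_address(ip)
    for _hop in range(10):  # bound redirect chains so a loop cannot run forever
        spf = [t for t in lookup(domain, "TXT") if t.split()[:1] == ["v=spf1"]]
        if not spf:
            return "none", queries  # the envelope domain itself must publish SPF
        redirect = None
        for term in spf[0].split()[1:]:
            if term.startswith("redirect="):
                redirect = term[len("redirect="):]
                continue
            qualifier = term[0] if term[0] in QUALIFIERS else "+"
            mech, _sep, arg = term.lstrip("+-~?").partition(":")
            if mech == "all":
                return QUALIFIERS[qualifier], queries
            if mech == "ip4":
                hit = addr in ipaddress.ip_network(arg, strict=False)
            elif mech in ("a", "mx"):
                hosts = lookup(arg or domain, "MX") if mech == "mx" else [arg or domain]
                hit = any(addr == ipaddress.ip_address(a)
                          for h in hosts for a in lookup(h, "A"))
            else:
                continue  # include, exists, ptr are outside this sketch
            if hit:
                return QUALIFIERS[qualifier], queries
        if redirect is None:
            return "neutral", queries  # nothing matched and no redirect
        domain = redirect
    return "permerror", queries
```

A virtual domain with no TXT record of its own evaluates to `none` regardless of what example.com publishes, which is why every sending domain needs at least the `redirect=` record.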

Solution 3

Here are some free tools that help you create and validate SPF records:

Author by

Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin almost 2 years

    I have configured postfix to use mail.example.com

    I have many virtual domains, like:

    • domain1.com
    • domain2.com
    • domain3.com

    My question is, how to set the SPF? Do I have to set SPF for each domain or only to mail.example.com (MX)?

    These domains have to send email through mail.example.com.

  • MadHatter
    MadHatter about 13 years
    You will need one for each domain, but each can be of a very standard form using redirect= or include=, see TZOTZIOY's answer below (sorry, no omega on my keyboard).
  • Cry Havok
    Cry Havok about 13 years
    The problem with using mx is twofold - not only does it require that all your outbound mail servers are also inbound mail servers listed in the MX record, but it requires extra DNS lookups over listing the servers by name. Listing them by name requires further DNS lookups over just using the IP.
  • ΤΖΩΤΖΙΟΥ
    ΤΖΩΤΖΙΟΥ about 13 years
    @MadHatter: no worries (although there's always copy-paste ;)