What does MX in SPF mean?

The first MX means that the IP addresses in the MX record(s) for the domain you're actually attaching the SPF record to should be accepted as valid. The second one means that IP addresses in the MX record(s) for the domain mail.mydomain.com should be accepted as valid. If this SPF record is for the domain mail.mydomain.com, then the second one is redundant. However, if the SPF record is for mydomain.com, then the second MX is not redundant.
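The distinction drawn above, as an added example that is not part of the original answer: a small Python walk over the record from the question, showing which domain each `mx` term queries depending on the domain the record is attached to. The `MX` and `A` tables are constructed zone data (assuming, as is typical, that mail.mydomain.com has no MX record of its own), `parse_term` and `explain` are hypothetical helper names, and CIDR suffixes and macros are not handled.

```python
# Constructed zone data for illustration; no real DNS lookups are made.
MX = {"mydomain.com": ["mail.mydomain.com"]}  # assumption: mail.mydomain.com has no MX
A = {"mail.mydomain.com": ["1.2.3.4"]}

def parse_term(term):
    """Split one SPF term into (qualifier, mechanism, argument-or-None)."""
    qualifier = "+"
    if term[0] in "+-~?":
        qualifier, term = term[0], term[1:]
    name, sep, arg = term.partition(":")
    return qualifier, name.lower(), (arg if sep else None)

def explain(record, owner):
    """For each term, report the domain it queries and the IPs it authorizes."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    rows, seen_mx = [], set()
    for term in terms[1:]:
        qualifier, name, arg = parse_term(term)
        row = {"term": term, "qualifier": qualifier, "queries": None, "ips": [], "note": ""}
        if name == "mx":
            # Bare "mx" uses the domain the SPF record is attached to;
            # "mx:<domain>" uses the MX records of <domain> instead.
            domain = (arg or owner).lower()
            row["queries"] = domain
            row["ips"] = [ip for host in MX.get(domain, []) for ip in A.get(host, [])]
            if domain in seen_mx:
                row["note"] = "redundant: same MX lookup as an earlier term"
            elif not row["ips"]:
                row["note"] = "no MX records found for this domain"
            seen_mx.add(domain)
        elif name == "a":
            row["queries"] = (arg or owner).lower()
            row["ips"] = list(A.get(row["queries"], []))
        elif name == "ip4":
            row["ips"] = [arg]
        elif name == "ptr":
            row["note"] = "ptr: RFC 7208 says SHOULD NOT be used"
        rows.append(row)
    return rows

if __name__ == "__main__":
    record = "v=spf1 mx ip4:1.2.3.4 mx:mail.mydomain.com ptr:1.2.3.4 -all"
    for owner in ("mydomain.com", "mail.mydomain.com"):
        print(f"SPF record attached to {owner}:")
        for row in explain(record, owner):
            print(f"  {row['term']:<26} queries={row['queries']} ips={row['ips']} {row['note']}")
```
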

Author by

Dan Repperger

Updated on September 18, 2022

Comments

  • Dan Repperger
    Dan Repperger almost 2 years

    I'm setting up an email server, and I'm a bit confused by SPF. Following some examples, I set my SPF record as follows...

    v=spf1 mx ip4:1.2.3.4 mx:mail.mydomain.com ptr:1.2.3.4 -all

    I follow what most of that means, but why is MX in there twice? I assume the second MX means, "This is a mail server for this domain." Am I right on that?

    And either way, what does the first MX mean? Does it just indicate anyone checking should look at the MX records stored apart from the SPF TXT record? And, if so, is the MX:mail.mydomain.com redundant with the actual MX records?

  • Håkan Lindqvist
    Håkan Lindqvist over 9 years
    I agree but I think it's worth pointing out that the example in the question (mx:mail.mydomain.com) looks peculiar. Is there really such an MX record? Typically people don't have addresses like [email protected]... (Also, the ptr directive is malformed.)
  • Dan Repperger
    Dan Repperger over 9 years
    The email address would be like [email protected]. The mail server is mail.mydomain.com. Both have the same IP address. With that being the case, what should my MX and TXT SPF records look like? Also, what does a correct PTR directive look like, if that one is malformed? I usually do programming, not server support, so this is all rather confusing to me. I really, really appreciate the help!
  • Dan Repperger
    Dan Repperger over 9 years
    I think I have it. Maybe. Domain is mydomain.com, and all zone records are for that domain. I create an MX record with a value of "mail.mydomain.com". I then create an A record that points to my IP address. Finally, I set the SPF to "v=spf1 mx a ptr -all". That will allow mail to go to and from *.mydomain.com (all subdomains are on the same IP address), but not from anywhere else. Is that right?
  • Mike Scott
    Mike Scott over 9 years
    If everything is on the same IP address, you don't need all of the a, mx and ptr entries, because they will all resolve to the same IP address (assuming your reverse DNS for mydomain.com is set up correctly). Any one of the three will do. But the extra ones do no harm, and could be useful later if you acquire more IP addresses. Note also that the SPF record has nothing to do with what email is allowed to go to *.mydomain.com; that would be down to the configuration of your email server software.
  • Paul
    Paul over 9 years
    Using the ptr mechanism violates RFC 7208.
  • answer42
    answer42 over 9 years
    @DanRepperger if it's just the one mailserver, which is the same as the domain MX, "v=spf1 mx -all" does the job and the rest is redundant. The MX record itself is what lets you actually receive mail -- if it's working, don't touch it!
  • Mike Scott
    Mike Scott over 9 years
    @Paul It doesn't violate RFC 7208, because it's a SHOULD NOT, not a MUST NOT.