What is the difference between a SPF include: and a:?


Solution 1

Another try at an answer for anyone else trying to put this together, and based on the syntax doc that OP is probably referring to, the open-spf.org "SPF Record Syntax" page.

Note: Previously this document lived at http://www.open-spf.org/SPF_Record_Syntax/, but that domain seems to have gone offline permanently in 2009. More details on the history and missing domain can be found here.

My answer is that yes, you seem to have it in mind.

  • a: Test the IP for a match in the A records for the domain.

  • include: Fetch the entire SPF record for the domain, evaluate IP against it, and if a PASS is found then that PASS becomes the result of the whole SPF test. If no PASS is found then it's not a fail, but your original/top-level SPF test continues (probably to the -all/~all/?all phase).

Reasons to use "a":

  • Because it's more predictable and straightforward.
  • Because you haven't set up SPF on the relevant domains.
  • Because you don't control those domains and the SPF isn't what you'd want (specifically if it's too lenient in accepting other servers that aren't in its A records).

Reasons to use "include":

  • Because you already trust the SPF of the domain.
  • Because the SPF of the domain is complex, and you want to have a single source of truth for don't-repeat-yourself reasons.

Happy to be corrected!

Solution 2

1) include:other-domain.com just includes the SPF records from other-domain.com. If the SPF entries of other-domain.com allow some IPs (for example, they have an ip4: or a: entry), then those IPs will also be allowed.

2) true
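As an added example (not part of either answer above), this small Python evaluator runs `a` and `include` against a constructed in-memory zone, following the RFC 7208 matching rules. The domains, documentation-range IPs and the `check_host` helper are assumptions made for illustration, and only `a`, `ip4`, `include` and `all` are handled.

```python
import ipaddress

# Constructed zone data (example domains, documentation IP ranges): not real DNS.
A = {"example.org": ["192.0.2.10"], "mailer.example.net": ["198.51.100.5"]}
TXT = {
    "example.org": "v=spf1 a include:mailer.example.net ~all",
    "a-only.example": "v=spf1 a:mailer.example.net -all",
    "mailer.example.net": "v=spf1 ip4:203.0.113.0/24 -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Evaluate ip against domain's SPF record (subset: a, ip4, include, all)."""
    record = TXT.get(domain)
    if record is None:
        return "none"
    if depth > 10:  # crude recursion guard; RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULT else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg)
        elif mech == "a":
            # Only the address records of the target name are consulted;
            # the target's own SPF record is never read.
            matched = ip in A.get(arg or domain, [])
        elif mech == "include":
            # The target's whole SPF record is evaluated recursively.
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            # Only an inner "pass" matches; an inner fail/softfail/neutral
            # means "no match" and the outer record keeps being evaluated.
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return RESULT[qualifier]
    return "neutral"  # no mechanism matched and no "all" present
```

With this zone, 203.0.113.7 passes for example.org through the include but fails for a-only.example, because `a:` never reads the ip4 entry in mailer.example.net's SPF record. 198.51.100.5 gets softfail for example.org: the included record's `-all` only counts as "no match", so the outer `~all` decides.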

Author by

loadbalanced

Updated on June 04, 2022

Comments

  • loadbalanced
    loadbalanced almost 2 years

    I have read through the documentation but the difference is still not very clear to me.

    My understanding is: 1) include: will allow the IPs listed for the specified domain, and also any additional domains listed in that domain's own SPF records

    2) a: simply allows IPs listed for the specified domain

    Is that correct?

  • gog
    gog almost 5 years
    Remember, a: tests for a match in the A or AAAA records
  • Aaron Cicali
    Aaron Cicali about 4 years
    If you host a lot of websites but don't necessarily host their DNS, using an include: allows you to make future changes to the SPF records without making direct DNS changes to the domains that include yours.