Do I need to publish an SPF entry for all my SMTP servers?

Sender Policy Framework

Answer to the question from the area: General


Do I need to publish an SPF entry for all my SMTP servers?

No (or better: probably not, you asked the question wrong).

 

In any case, you should publish an SPF record for each domain you want to protect from spammer/virus abuse. For example, if your domain was (somedomain.tld) and you still had a subdomain (www.somedomain.tld) registered, you would publish an SPF record for both (somedomain.tld) and (www.somedomain.tld). So you only need to publish one policy for each domain that has an A record, an MX record, or both. This includes wildcard domains (*.example.org) and the domain that is the top of your zone (@).

 

But why?

This is because of how SPF works: For example, when an SPF-enabled mail server receives a message, it requests the SPF record for the domain in the envelope. So if you publish the SPF record only on somedomain.tld and not on www.subdomain.tld, a fake message coming from www.subdomain.tld would also be accepted.


Back to overview: SPF - Questions and answers
© 2012 - 2020 nicmanager.com