
If there are no MX records on my domain then is it necessary to have SPF records?


Hi, I was just wondering: if there are no MX records on my domain, then is it necessary to have SPF records? I mean, if I don't have MX records, will the spammers be able to send spam mails through [email protected]?

The actual thing I want to know is: do I need to add SPF records to my unused sub-domains if I have no MX records?

I know that SPF records are used to filter out phishing emails, but if I have no MX records, does it still make my domains vulnerable to spamming?


Solution

  • As anybody can forge any sender, a spammer may very well send emails in your name, e.g. as [email protected]. This has nothing to do with MX records; this is just how SMTP works: as long as the sender address is syntactically valid, it is considered to be a valid sender.

    However, receiving servers may subject the emails to a number of tests, SPF being one of these. This provides a mechanism for you to let others on the Internet know who you allow to send such emails. For instance, an SPF policy like "v=spf1 -all" will let everyone know that nobody is authorized to send emails from that domain.

    To be fair, the receiving parties may also verify the presence of MX records during the email validation, but as DNS A RRs should also be accepted for email exchange, this provides a lot weaker evidence than a hard SPF declaration.

    Due to the above, I recommend that you define an SPF policy like "v=spf1 -all" for your subdomains.
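
As an added example (not part of the original answer), the following audits DNS data for names that do not send mail and lack a lone "v=spf1 -all" policy. The zone contents, the example.com names and the `SENDERS` set are constructed assumptions; in practice the records would come from a zone export.

```python
# Constructed sample zone: names, record types and values are illustrative only.
ZONE = {
    "example.com":       {"MX": ["10 mail.example.com."], "TXT": ["v=spf1 mx -all"]},
    "www.example.com":   {"A": ["192.0.2.10"], "TXT": []},
    "old.example.com":   {"TXT": ["v=spf1 -all"]},
    "dev.example.com":   {"A": ["192.0.2.20"], "TXT": ["v=spf1 ~all"]},
    "files.example.com": {"TXT": ["v=spf1 -all", "v=spf1 a -all"]},
}
SENDERS = {"example.com"}  # names that legitimately send mail (operator-supplied)


def classify_spf(txt_records):
    """Classify a name's SPF state from its TXT strings."""
    # Only TXT strings whose first term is exactly "v=spf1" are SPF records.
    spf = [terms for terms in (t.lower().split() for t in txt_records)
           if terms and terms[0] == "v=spf1"]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"      # RFC 7208: more than one SPF record is a permerror
    return "deny-all" if spf[0][1:] == ["-all"] else "not-deny-all"


def audit(zone, senders):
    """Return {name: finding} for each non-sending name without a lone 'v=spf1 -all'."""
    findings = {}
    for name, rrs in zone.items():
        if name in senders:
            continue           # real mail domains need their own, fuller policy
        state = classify_spf(rrs.get("TXT", []))
        if state == "deny-all":
            continue
        findings[name] = {
            "spf": state,
            "has_mx": bool(rrs.get("MX")),
            # Without MX, SMTP falls back to the address record (RFC 5321, 5.1),
            # so a missing MX is weak evidence compared with an SPF policy.
            "has_address": bool(rrs.get("A") or rrs.get("AAAA")),
            "want": f'{name}. IN TXT "v=spf1 -all"',
        }
    return findings


if __name__ == "__main__":
    for name, f in audit(ZONE, SENDERS).items():
        print(f"{name}: spf={f['spf']} mx={f['has_mx']} addr={f['has_address']}")
        print(f"  want: {f['want']}")
```

For a name reported as `multiple`, the extra SPF records have to be removed so that only the `want` record remains.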