
How to create a zone file SPF record for my customers to look up when using our email service


Assume my IP addresses are 222.222.222.1 and 222.222.222.2 and my domain is mydomain.com.

I wish to send regular emails on behalf of my customers' domains from my servers (relaying/spoofing).

Hence my customers will need to enter my SPF include text into their TXT record (v=spf1 ...), the same as I add salesforce.com and others to my TXT record (v=spf1 ...):

e.g. "v=spf1 a mx ip4:222.222.222.1 ip4:222.222.222.2 include:_spf.salesforce.com -all"

What I don't understand is how I separate my SPF record (for sending my domain's emails) from our email service's SPF lookup (used by our customers).

This nearly answers it, except it does not say how to set up the zone file record: How to create SPF record for many IPs (SPF longer than 255 characters)

Do I set up a TXT record, an A record, a CNAME record? What type of record, and how? I would assume this string goes in the data value area of my record?

e.g. "v=spf1 ip4:222.222.222.1 ip4:222.222.222.2 -all" and somehow it needs this subdomain "_spf.mydomain.com"

and then my customer's TXT record for SPF looks similar to this:

e.g. "v=spf1 a mx include:_spf.mydomain.com -all"

I am somewhat confident I am on the right track. I just do not know how it is implemented in my zone file.


Solution

  • When an email receiver chooses to validate a sender with SPF, it will look up TXT records for the sending domain (root or @ records), and look for exactly one that starts with v=spf1. That record can include anything it wants. Your customers will need a record of that form, and you will need one on your domain with your own sender setup.

    The root SPF record can include any record it likes. It is common practice for email services to have SPF records at other, non-root paths (_spf.mydomain.com for example) for inclusion in other records.

    So in your zone file, you would have something like:

    _spf IN TXT   "v=spf1 ip4:222.222.222.1 ip4:222.222.222.2 -all"
    @    IN TXT   "v=spf1 include:myownmailsender.com -all"
    

    Your customers add include:_spf.mydomain.com to their records, and you use the @ record to customize your own sending preferences.
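
How a receiver resolves the `include:` chain described above, as an added example that is not part of the original answer. The TXT data is constructed, `customer.example` and `soft.example` are hypothetical customer domains, and only the `ip4`, `include` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT data: the _spf record from the answer plus two hypothetical
# customer domains (customer.example, soft.example) that include it.
ZONE = {
    "_spf.mydomain.com": ["v=spf1 ip4:222.222.222.1 ip4:222.222.222.2 -all"],
    "customer.example": ["site-verification=constructed",
                         "v=spf1 a mx include:_spf.mydomain.com -all"],
    "soft.example": ["v=spf1 include:_spf.mydomain.com ~all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 caps DNS-querying terms; only include is counted here


def spf_record(domain):
    """Return the single TXT record starting with v=spf1, or None."""
    found = [t for t in ZONE.get(domain.lower(), [])
             if t.split(" ")[0].lower() == "v=spf1"]
    if len(found) > 1:
        raise ValueError(f"permerror: multiple SPF records at {domain}")
    return found[0] if found else None


def check_host(ip, domain, lookups=None):
    """Evaluate ip against domain's SPF policy (ip4, include and all only)."""
    lookups = [0] if lookups is None else lookups
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        result = QUALIFIERS.get(term[0], "pass")
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            return result
        if name == "ip4" and addr in ipaddress.ip_network(arg, strict=False):
            return result
        if name == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                raise ValueError("permerror: more than 10 DNS lookups")
            inner = check_host(ip, arg, lookups)
            if inner == "none":
                raise ValueError(f"permerror: {arg} has no SPF record")
            if inner == "pass":  # any other inner result means "no match"
                return result
        # a and mx need live DNS; this offline sketch treats them as no match
    return "neutral"
```

The `-all` inside `_spf.mydomain.com` only ends the included lookup as "no match"; the verdict for an unlisted sender comes from the customer's own final `all` term, which is why `soft.example` yields `softfail` rather than `fail`.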