I've been helping a client with their email system and realised that their webmaster entered the following as their SPF record.
v=spf1 exists:%{i}._spf.somedomain.com redirect=_spf.somedomain.com ?all
I've looked into the exists and redirect options. From what I can tell these mean that all emails sent "from" their domain would come through as authenticated with SPF?
The SPF (Sender Policy Framework) redirect is a record modifier that points to a separate domain name containing an SPF record. Domain owners can configure multiple domains to make use of a single SPF record hosted on one domain using SPF redirect.
An SPF record is a TXT record published in the DNS by the domain owner, which specifies a whitelist of IP addresses allowed to send emails on behalf of the domain.
"v=spf1 mx -all": Allows the domain's MX hosts to send mail for the domain, and prohibits all other hosts.
"v=spf1 -all": The domain sends no mail at all.
If no mechanism or modifier matches, the default result is "Neutral". If a domain has no SPF record at all, the result is "None". If a domain has a temporary error during DNS processing, you get the result "TempError" (called "error" in earlier drafts). If some kind of syntax or evaluation error occurs (eg.
The first part:
exists:%{i}._spf.somedomain.com
says insert the IP address, say 1.2.3.4 for example, giving:
exists:1.2.3.4._spf.somedomain.com
which says, if that DNS 'A' lookup works, it is a pass.
Having both a redirect and an all is kind of odd.
Redirect happens if everything else fails (which is why it should always be at the end of the SPF record), but all never fails to match.
If the all wasn't there, the redirect:
redirect=_spf.somedomain.com
would say go fetch that SPF record and process it.
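The evaluation order described in the answer above, as an added example that is not part of the original post: a small evaluator for the record from the question, showing which sender IPs get "pass", that the trailing ?all gives every other sender "neutral" rather than "fail", and that the redirect is only followed once the all is removed. The DNS answers (FAKE_A, FAKE_TXT) and the record behind _spf.somedomain.com are constructed assumptions, and only the exists, ip4, all and redirect terms and the %{i} macro are handled.

```python
import ipaddress

# Constructed stand-ins for DNS answers (assumed data, not real records).
FAKE_A = {"192.0.2.10._spf.somedomain.com": ["127.0.0.2"]}
FAKE_TXT = {"_spf.somedomain.com": "v=spf1 ip4:198.51.100.0/24 -all"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
RECORD = "v=spf1 exists:%{i}._spf.somedomain.com redirect=_spf.somedomain.com ?all"
NO_ALL = RECORD.rsplit(" ", 1)[0]  # same record with the trailing ?all removed


def expand(spec, ip):
    """Expand only the %{i} macro (sender IP); RFC 7208 defines others."""
    return spec.replace("%{i}", ip)


def check(record, ip, depth=0):
    """Return (result, matched_term) for the subset: exists, ip4, all, redirect."""
    redirect = None
    for term in record.split()[1:]:  # skip the v=spf1 version tag
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]  # modifier: remembered, not matched
            continue
        result = "pass"  # default qualifier is "+"
        if term[0] in QUALIFIERS:
            result, term = QUALIFIERS[term[0]], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":  # always matches, so redirect is never reached
            return result, "all"
        if name == "exists" and FAKE_A.get(expand(arg, ip)):
            return result, "exists"
        if name == "ip4" and ipaddress.ip_address(ip) in ipaddress.ip_network(arg):
            return result, "ip4"
    if redirect and depth < 10:  # crude guard against redirect loops
        target = FAKE_TXT.get(expand(redirect, ip))
        if target is None:  # redirect target has no SPF record
            return "permerror", "redirect"
        return check(target, ip, depth + 1)
    return "neutral", "default"  # nothing matched and no redirect


if __name__ == "__main__":
    for rec in (RECORD, NO_ALL):
        for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
            print(rec, ip, check(rec, ip))
```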