SPF records for many servers with wildcard

Question

I email a large number of people (they all asked for the email, don't worry) and we're going to shard the email sending process across three servers.

The emails would either be sent from web1.mydomain.com, mail1.mydomain.com or mail2.mydomain.com

I want to change the SPF records for web1 to allow mail1 or mail2 to send the email, but every site I look on for advice seems to say something different.

So far, I've got

v=spf1 mx a:web1.mydomain.com a:mail1.mydomain.com a:mail2.mydomain.com -all

Is that right? And is there any way I can add a wildcard in case I add a further server, maybe something like

v=spf1 mx a:web1.mydomain.com a:mail[0-9].mydomain.com -all

Answer 1

You could configure a host name which resolves to several IPs. In the SPF entry you could then specify that host. Define the A records as follows.

mail.example.com.       3600    IN  A   127.0.01
mail.example.com.       3600    IN  A   127.0.02
mail.example.com.       3600    IN  A   127.0.03

Define the SPF records as follows.

example.com.        3600    IN  TXT "v=spf1 a ~all"

Check out the domain bitcointalk.org it has a very similar configuration to this. You can check SPF configurations of any domain here: http://spf.myisp.ch

I would avoid defining a FAIL (-). Use SOFTFAIL (~) instead because SPF entries usually cause problems with mail forwarding.