SPF record to validate e-mail from Google Apps
root@manager:~# dig @ns1.linode.com TXT mydomain.com
; <<>> DiG 9.7.3 <<>> @ns1.linode.com TXT mydomain.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6617
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 10
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;mydomain.com. IN TXT
;; ANSWER SECTION:
mydomain.com. 86400 IN TXT "v=spf1 a mx ~all"
;; AUTHORITY SECTION:
mydomain.com. 86400 IN NS ns1.linode.com.
mydomain.com. 86400 IN NS ns3.linode.com.
mydomain.com. 86400 IN NS ns5.linode.com.
mydomain.com. 86400 IN NS ns2.linode.com.
mydomain.com. 86400 IN NS ns4.linode.com.
;; ADDITIONAL SECTION:
ns1.linode.com. 86400 IN A 69.93.127.10
ns1.linode.com. 86400 IN AAAA 2600:3c00::a
ns2.linode.com. 86400 IN A 65.19.178.10
ns2.linode.com. 86400 IN AAAA 2600:3c01::a
ns3.linode.com. 86400 IN A 75.127.96.10
ns3.linode.com. 86400 IN AAAA 2600:3c02::a
ns4.linode.com. 86400 IN A 207.192.70.10
ns4.linode.com. 86400 IN AAAA 2600:3c03::a
ns5.linode.com. 86400 IN A 109.74.194.10
ns5.linode.com. 86400 IN AAAA 2a01:7e00::a
;; Query time: 23 msec
;; SERVER: 2600:3c00::a#53(2600:3c00::a)
;; WHEN: Fri Jun 15 15:35:44 2012
;; MSG SIZE rcvd: 381
root@manager:~#
I'm still learning how to configure DNS, as I understand some TXT records.
Thank you in advance.
5 Replies
They recommend the following if you ONLY send from google apps:````
v=spf1 include:_spf.google.com ~all
If you send mail from both google apps and your server, then you'd want to combine that with what you already have:````
v=spf1 a mx include:_spf.google.com ~all
For verification, send email using your domain to:
This is useful when you start using mail servers that have IPv6 enabled as well. Gets a bit trickier
@Dweeber:
Note that using ~all basically is saying you have listed IP's that send your email but their may be email from others. If you are going through the trouble of setting up SPF… not sure why you would use that.
With "-all", one mistake from either you or whoever's spf you included can result in your mail being lost. The main benefit to the use of "-all" is that other people may see less spam. For most people the risk is not worth the benefit and "~all" is more appropriate.
For sure when you are handing out advice to people who may or may not understand the in's and out's of SPF it is much safer to suggest "~all". If you want "-all" you are probably not going to need to ask anyone for help.
Disclaimer: I use "-all" on all my domains
If you are setting it up just so servers will accept your email, then the use of ~all won't matter much.
But if you are like me and less concerned with spam and more concerned with others using your mail domain(s) for unauthorized messages, making sure you have your SPF record correct and using the strict setting is the only thing that makes sense.
That and hoping other mail servers will use and honor your SPF strict settings helps prevent your mail domain(s) from being used from mail sources you didn't specify.
Setting ~all when testing makes total sense, just like setting t=y in your DKIM record to indicate you are in testing mode.
You have the best success with email delivery when you have taken the time to ensure that your mail server(s) not only are configured correctly but also that all components of the the email are properly setup. Proper MX records, proper HELO host names, forward and reverse DNS matching, masking internal hosts in headers etc..
Both are falling to the senders of spam.
; acessofacil.in [293019]
$TTL 86400
@ IN SOA ns1.linode.com. acessofacil\.linode.gmail.com. 2012070243 14400 14400 1209600 86400
@ NS ns1.linode.com.
@ NS ns2.linode.com.
@ NS ns3.linode.com.
@ NS ns4.linode.com.
@ NS ns5.linode.com.
@ 3600 MX 1 aspmx.l.google.com.
@ TXT "v=spf1 mx a include:_spf.criaenvio.com include:_spf.google.com ~all"
@ A 66.228.59.135
* A 66.228.59.135
git A 66.228.59.135
www A 66.228.59.135
box CNAME ghs.google.com.
mkt CNAME cname.criaenvio.com.