DC DSLThere's a reason I'm Command.Premium
Dumb question about SPF records. We have a site for broadcasting incident alerts to subscribers. Call it "www.thedomain.com." The mail server that does the broadcasting is called "mail.thedomain.com." Adding to the mix, the customer requires that the message be addressed from "firstname.lastname@example.org" which is a completely different domain. We're confused about how to publish the SPF records so that "thedomain" and "mail.thedomain" are both recognized. Publishing it for "thedomain" shows up when you query the domain; however, when mail is sent, the headers come up as "not allowed or denied." The SPF record looks like this:
v=spf1 ip4:xx.xx.xx.xx mx:mail.thedomain.com ~all
What do we need to add to this one, plus the one for corporateparent.org?
"Dance like the photo isn't being tagged; love like you've never been unfriended; and tweet like nobody is following."
You only need the SPF to state that email from corporateparent.org is permitted to be sent from mail.thedomain.com so
v=spf1 a include:mail.thedomain.com -all
added to the DNS of corporateparent.org
When an SPF record is checked it will look to the DNS of the purported senders domain, not the domain it came from, in this case corporateparent.org. There it will find that mail from corporateparent.org is allowed to be sent from mail.thedomain.com I like the - and not a ~ unless you don't know all the servers that might send email from that domain.
West Henrietta, NY
|reply to DC DSL |
SPF records are around to provide a list of address from which it expected mail for the parent domain will be originated.
So if the sender domain is going to be corporateparent.org, the SPF records in that domain's DNS need to list the servers that will be sending mail on their behalf.
If effect they need to list all of there 'normal' mail servers, plus the ones that will be used by third-party services (such as your emergency alert system).