DNS zone file SPF configuration to support sending mail from multiple servers and gmail
- by Tauren
I want to configure SPF on a domain to allow mail to be sent from:
the x.com website server (x.com and www.x.com - both at same IP)
its MX servers (smtp.x.com, mx.x.com, mail.x.com)
another server that isn't listed as an MX server (somehost.x.com)
via gmail using an account that has authenticated use of [email protected]
Will this zone file work? If not, what are the problems with it?
$ttl 38400
@           IN      SOA     ns1.x.com. hostmaster.x.com.  (
                                      201003092 ; serial
                                      8H    ; refresh
                                      15M   ; retry
                                      1W    ; expire
                                      1H )  ; minimum
@           NS  ns1.x.com.
@           NS  ns2.x.com.
@           MX  10 mx.x.com.
@           MX  20 smtp.x.com.
@           MX  30 mailhost.x.com.
; SPF records
@          IN      TXT "v=spf1 a mx a:somehost.x.com include:_spf.google.com ~all"
mx         IN      TXT "v=spf1 a -all"
smtp       IN      TXT "v=spf1 a -all"
mailhost   IN      TXT "v=spf1 a -all"
Questions:
Is _spf.google.com the right thing to include for gmail.com, or is it only for Google Hosted Apps? If only for Google Apps, what should I include to send from gmail.com?
If mail shouldn't be sent from anywhere else, is it safe to use -all instead of ~all?
Does it make sense to add specific SPF records for each of the mail servers?
Any other problems with the zone file?
I want to confirm these things before making changes to my zone file. The file has SPF configured basically the same now, just without google.com and somehost, but I want to make sure I won't break things when I change it.
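
An offline way to inspect the four SPF TXT records from the zone file above before publishing them, added here as an example and not part of the original post. It assumes RFC 7208 syntax; the names `parse_spf` and `audit` are hypothetical, and because no DNS queries are made, `include:` is not expanded and the DNS term count is a lower bound.

```python
# Added example: parse the SPF records from the question without touching DNS.
import re

RECORDS = {  # copied from the zone file in the question
    "@": "v=spf1 a mx a:somehost.x.com include:_spf.google.com ~all",
    "mx": "v=spf1 a -all",
    "smtp": "v=spf1 a -all",
    "mailhost": "v=spf1 a -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Terms that trigger DNS queries; RFC 7208 allows at most 10 per SPF check.
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_spf(txt):
    """Split one SPF record into (result, name, argument) terms."""
    tokens = txt.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1")
    terms = []
    for tok in tokens[1:]:
        if re.match(r"^[A-Za-z][\w.-]*=", tok):  # modifier: name=value
            name, _, arg = tok.partition("=")
            terms.append((None, name.lower(), arg))
            continue
        has_qual = tok[0] in QUALIFIERS
        body = tok[1:] if has_qual else tok
        name = re.split(r"[:/]", body, maxsplit=1)[0].lower()
        if name not in MECHANISMS:
            raise ValueError(f"unknown mechanism: {tok}")
        result = QUALIFIERS[tok[0] if has_qual else "+"]  # "+" is the default
        terms.append((result, name, body[len(name):].lstrip(":") or None))
    return terms

def audit(txt):
    """Return the catch-all result, DNS-querying term count and findings."""
    terms = parse_spf(txt)
    names = [n for _, n, _ in terms]
    findings = []
    catch_all = next((r for r, n, _ in terms if n == "all"), None)
    if catch_all is None and "redirect" not in names:
        findings.append("no 'all' or redirect: unmatched senders get neutral")
    if "all" in names and any(r for r, _, _ in terms[names.index("all") + 1:]):
        findings.append("mechanisms after 'all' are never evaluated")
    lookups = sum(n in DNS_TERMS for n in names)
    if lookups > 10:
        findings.append("more than 10 DNS-querying terms: check returns permerror")
    return {"catch_all": catch_all, "dns_terms": lookups, "findings": findings}

if __name__ == "__main__":
    for owner, txt in RECORDS.items():
        print(owner, audit(txt))
```
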