On Thu, 21 Oct 2021 12:05:26 +0100 Mark Rogers mark@more-solutions.co.uk allegedly wrote:
On Wed, 20 Oct 2021 at 14:23, mick mbm@rlogin.net wrote:
No, it just complicates the SPF record. You will need an "include:" for all the mail systems which are allowed to send mail from your domain.
IIRC the SPF record can either tell recipients to reject mail that doesn't come from those mail systems, or simply say nothing about them? (I'm all for putting the effort in to improve things for the systems I know about, but I don't want to break the ones I don't know about in the process.)
Yes, the SPF record can say "accept mail from this server, and pnly this server, reject all others". You can see examples of the correct syntax at: http://www.open-spf.org/SPF_Record_Syntax/ and you can test syntax at: https://www.kitterman.com/spf/validate.html
For example, my domain SPFs are: "v=spf1 mx -all" which says, "accept mail from any MX host for this domain and reject it if it comes from anywhere else".
(I could set up my own mail server, ...,
And you might then find that no-one will accept mail from your domain at all. As I said, it is becoming increasingly difficult to get email accepted unless it comes from a large recognised source.
Fair point.
I have looked at third parties to provide this, eg forwardemail.net, but I don't know whether that would help or hinder (and I'd still have to take care of SPF records etc)
Yep - if you manage the DNS then you are responsible for ensuring the SPF records are correct.
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------