I have a web application that has two web servers that have SMTP servers, with the following names:
- mail01.mydomain.com
- mail02.mydomain.com
I have the SPF record set up for the second level as:
v=spf1 a mx -all
With Network Solutions, you add an asterisk as a wildcard for the host to cover all hosts. Does this setup cover mail01 and mail02, or do I need an SPF record for mail01 and mail02?
With regard to SPF, the hostnames of your mail servers do not matter; what matters is what you actually use for email addresses. So if you use @mydomain.com addresses, then you need an SPF record for the domain. If you have email addresses like [email protected] and [email protected], then you ALSO need SPF records for mail01 and mail02.
Actually, if you do not use the third level names for email addresses, it might be a good idea to have SPF records to prevent spoofing with `v=spf1 -all`.
Publish your SPF data as TXT records and if your BIND supports it add SPF records. All A records which do not support sending mail should have a `v=spf1 -all` record.
The SPF site recommends using IP addresses in the form `ip4:192.0.2.0`. You only need the address of servers which should be sending email to the network. This may not be your MXs which should be accepting email, and may send email. Only enable sending addresses for domain and sub-domains which send e-mail. If you have roaming users, configure the submission port, and have them send via your mail server. This allows you to end your rule with `-all` rather than one of the looser configurations.
Further details are available from the Sender Policy Framework site. My website has an article on setting up mail services using Exim which covers SPF.
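
The advice in the answers above (list only the sending addresses with `ip4:`, end with `-all`, and give every non-sending name its own `v=spf1 -all`) can be sketched as follows. This is an added example, not code from the original posts; the host inventory and the 192.0.2.x addresses are constructed, and the evaluator handles only the `ip4` and `all` mechanisms.

```python
import ipaddress

# Constructed inventory (assumption, not from the original posts): every name
# that has an A record, mapped to the IPv4 addresses allowed to send mail
# with that name in the envelope sender. Addresses are documentation-range.
HOSTS = {
    "mydomain.com": ["192.0.2.10", "192.0.2.11"],
    "mail01.mydomain.com": [],   # hostname only, never used after the "@"
    "mail02.mydomain.com": [],
    "www.mydomain.com": [],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_policy(senders):
    """Listed ip4 senders followed by a hard fail; no senders gives 'v=spf1 -all'."""
    terms = []
    for s in senders:
        net = ipaddress.ip_network(s)  # ValueError on a typo or stray host bits
        terms.append("ip4:" + (str(net.network_address) if net.prefixlen == 32 else str(net)))
    return " ".join(["v=spf1", *terms, "-all"])

def zone_lines(hosts):
    """One TXT record per name, in zone-file syntax."""
    return [f'{name}. IN TXT "{spf_policy(ips)}"' for name, ips in hosts.items()]

def evaluate(policy, client_ip):
    """Evaluate a policy made only of ip4/all terms against a connecting IP."""
    version, *terms = policy.split()
    if version != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:]):
                return QUALIFIERS[qual]
        else:
            raise ValueError(f"mechanism needs DNS, not handled here: {mech}")
    return "neutral"  # nothing matched and the policy has no "all" term

if __name__ == "__main__":
    print("\n".join(zone_lines(HOSTS)))
    print(evaluate(spf_policy(HOSTS["mydomain.com"]), "192.0.2.99"))
```
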