I have 2 spf records for my email example.com
The first one is from my hosting provider. I DO send and receive email through my hosting provider. Emails from here do not go to spam.
"v=spf1 ?include:custspf.register.com"
Second SPF is for my digital ocean droplet. I ONLY want to send email from the sever NOT receive. All messages from this server go to spam.
"v=spf1 mx a ip4:111.22.33.44/32 a:example.com ?all"
http://www.openspf.org/Why output
An SPF-enabled mail server rejected a message that claimed an envelope sender address of [email protected]. An SPF-enabled mail server received a message from example.com (111.22.33.44) that claimed an envelope sender address of [email protected].
The domain example.com has published an SPF policy, however, an error occurred while the receiving mail server tried to evaluate the policy:
Redundant applicable 'v=spf1' sender policies found.
I have tried to update the second spf to
"v=spf2 mx a ip4:111.22.33.44/32 a:example.com ?all" but it did not help.
Googleing around I have seen many articles that suggest not using multipule spfs record and use 1 and combine them.
Original Message Message ID <[email protected]> Created at: Tue, Jan 29, 2019 at 1:25 PM (Delivered after 1 second) From: [email protected] To: [email protected] Subject: Thank You SPF: NEUTRAL with IP 111.22.33.44 Learn more
Delivered-To: [email protected] Received: by 2002:a0c:b551:0:0:0:0:0 with SMTP id w17csp4938564qvd; Tue, 29 Jan 2019 10:25:30 -0800 (PST) X-Google-Smtp-Source: ALg8bN5vX+AyxqxIugeeTu1/0TXws8MIcy6s5+xtxYqLDnMaKoy5CV6mkyVAJVuczjD8byDDVmI1 X-Received: by 2002:ac8:1a59:: with SMTP id q25mr26590924qtk.387.1548786330055; Tue, 29 Jan 2019 10:25:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548786330; cv=none; d=google.com; s=arc-20160816; b=a5ZUgIvytUIfGVZcQl8dyvJvO6d2GaU2p4dZPAqQ046Fwyy9pGdK6zuhgwvkcUgoWV TyBg062SKMQc7NFZ6BurvirUB8k+4vpqDSg7fgitU08j2JFyQEOh1in2wumHs+s6QY2k IfVe1w0uApBaXETunHUbE0WRMHyKBjzEf63X9eyb/LjqVsTrNo96BUxaZXoWo8t3tkfC N1c/9dPfJpjNTtpB0ql4msGqpXYFTSqKkxruN3e82zsrBwnYoc0iSVwJSUz6PaZA6vaJ BFbfklS8zN68eWIBBdCuNYNxywU/ix5Icjt8iNPTiLovyadnYJAPWlXk0YFlpPipb2A2 W+bA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=from:subject:to:message-id:date; bh=2PBWkaoD+bPrwpJMJgA9+kttIMeDqJhJn6syhiLs5PY=; b=q+JkyqBCFIwelNq7rjs6lm+9LuPA6myRrYPNoMucrGOVu2r9cK2zhpoPu7ov9EzQjl dOn75+xht2u6blQDLMLbklIF7IZ8wIhUpSy5iBTBf0S+hsVMgLYaiGFzP6EMn14LxFxT vZ+CGw94WL2D73V7idO22Zi4kwsBDVILEGBNOrSfXbYndG+xSG2I2DgnJhjDL2a92grZ rcp8lDyDMJ5gadsIDJIJBiWUV0JFF5wEPWYTLT/Ttn/p9b4yMbTbMQxqSFTJ5fRXp12s jbHLARQyMQL5s2sWZuv71rPJDt5n4Ta1gRPWyBYXGYYQvxl9NbIByzS7lsfm4LN1wUBb CUEg== ARC-Authentication-Results: i=1; mx.google.com; spf=neutral (google.com: 111.22.33.44 is neither permitted nor denied by domain of [email protected]) [email protected] Return-Path: Received: from example.com (example.com. [111.22.33.44]) by mx.google.com with ESMTPS id a31si3538773qvh.91.2019.01.29.10.25.29 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 Jan 2019 10:25:30 -0800 (PST) Received-SPF: neutral (google.com: 111.22.33.44 is neither permitted nor denied by domain of [email protected]) client-ip=111.22.33.44; Authentication-Results: mx.google.com; spf=neutral (google.com: 111.22.33.44 is neither permitted nor denied by domain of [email protected]) [email protected] Received: from example.com (example.com [127.0.0.1]) by example.com (8.14.7/8.14.7) with ESMTP id x0TIPTnE001820 for ; Tue, 29 Jan 2019 18:25:29 GMT Received: (from donna@localhost) by example.com (8.14.7/8.14.7/Submit) id x0TIPT8L001819; Tue, 29 Jan 2019 18:25:29 GMT Date: Tue, 29 Jan 2019 18:25:29 GMT Message-Id: <[email protected]> To: [email protected] Subject: Thank You X-PHP-Originating-Script: 0:testemail1.php From: [email protected]
Thank You
I have also confirmed that reverse dns matches
Question 1:
How can I combine
"v=spf1 ?include:custspf.register.com" and "v=spf1 mx a ip4:111.22.33.44/32 a:example.com ?all"
Into 1 spf?
Question 2:
Is there a better way?
Question 3:
Do i need an mx record for a server if I am only receiving emails?
1- For combining more than one spf, a good answer could be looking for some spf that has achieved that already (you can try a good example by digging some, the command would be
dig txt domain.name)For that, i.e. you can check sendgrid or any other email sending "specialist" (they live on that, so maybe could be a good option (check as well email services that offers several domains, such as hotmail.com / live.com ...
Keep that as an example, and maybe look for something that may fit better what you are looking for.
2- I would say it would be a good idea and easier to mantain if each domain has it's own txt record and you include it as in the mentioned example. If you are really interested into sending emails and reputation, I would keep sending different domains in different addresses (whenever possible) to not harm some email reputation with the other domain.
3- It is always a good practice to have an abuse@ account for handling rejections, bounces, etc. So yes, I would rather say having mx helps in email reputation (I would say is de facto / mandatory, as any serious provider would ensure it exists and eventually you may handle it indirectly) don't know by now but by the time I was working with email, that was an important part of "reputation building techniques"
Here you can find an spf builder if it helps checking syntax, never used it though
https://tools.wordtothewise.com/spf
but mentioned in relation to this post (https://stackoverflow.com/questions/6110534/how-to-create-spf-record-for-multiple-ips) not duplicated though (as the answer doesn't seem to work anymore there)