dnsspf

how to create spf record as spf.example.com


usually, we get an SPF record in the form of spf.thirdpartyexample.com now if we install any email server we create an SPF record with ip:xx.xx.xxx.x reference link from validity

v=spf1 -mx -ptr include:_spf.mx.cloudflare.net -all

so my question is :

how to create an SPF record as spf.example.com for our own server in the same way we get from a third-party vendor?


Solution

  • You mean to "authorize" your own domain/s in your Bind/dns?
    If, then you should have

    yourdomain.tld.             IN TXT "v=spf1 a mx ~all"
    

    in your bind zone configuration file
    v=spf1 tells it's a spf record
    "a" tells that "yourdomain.tld" IP is allowed to send mail from yourdomain.tld
    "mx" tells that the mx server IP of yourdomain.tld is allowed to send mail
    "~all" tells that SPF queries that do not match any other mechanism will return “softfail”. Messages that are not sent from an approved server (the server with ip www.xxx.yyy.zzz = the ip of the mail server yourdomain.tld = "a". The server with ip aaa.bbb.ccc.ddd = the ip of the mx record of yourdomain.tld = "mx") should still be accepted but may be subjected to greater scrutiny...
    So, if your dns record is like

    yourdomain.tld.        IN      A       aaa.bbb.ccc.ddd
    mail.yourdomain.tld.   IN      A       www.xxx.yyy.zzz
    yourdomain.tld.        IN      MX      10      mail.yourdomain.tld.
    

    the SPF tells that

    1. if the mail is sent from aaa.bbb.ccc.ddd (the "a") that's ok
    2. if the mail is sent from www.xxx.yyy.zzz (the "mx") that's ok