CF + SPF record → Hiding IP?

L

Look-in-Dimka2020-09-14 17:16:36

SPF

Look-in-Dimka, 2020-09-14 17:16:36

You need to add an SPF record for the domain associated with CloudFlare.
When adding a domain to CF, DNS records for this domain from the hosting were used. The SPF record looked like this:

v=spf1 ip4:*.*.*.* a mx include:_spf.example.com ~all

In ip4:*.*.*.* - hosting IP.

Question: how to hide the real IP of the host (which is also the IP of the mail server) in this entry?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

Y

Yakov, 2020-09-14
@Look-in-Dimka

Good afternoon!
Your hosting IP is already registered by the "a" operator and you do not need to specify it again.
v=spf1 a mx include:_spf.example.com ~all - will be enough, the request will take into account the A records of your domain, where the same IP address is specified.
Moreover, unlike the IP operator, when changing the hosting or address, you will not need to change the record

V

Vladimir Dubrovin, 2020-09-15
@z3apa3a

Hide the real address in the way indicated above will not work if you want to send letters directly.
You can't use "a" because there will be Cloudflare address and not your server and SPF for emails sent directly will fail.
There is an option to hide the address in SPF, you can use the exists:{%i}.allow.example.com construct and create an A-record of your_IP.allow.example.com, then you can only check SPF if you already know the IP address. But you need to understand that any recipient of the letter will still see your real IP, if you want to more or less reliably hide the server, then external services should also be used for mailing.

R

Ruslan Fedoseev, 2020-09-14
@martin74ua

take the mail to which Yandex\Google thread and send it through it.