What is the best way to implement spf?

E

Evgeny Matveev2018-05-11 17:06:39

SPF

Evgeny Matveev, 2018-05-11 17:06:39

The essence of the problem is this.
A) There are many ADD client servers domain1,2,3+∞
B) There are many ADD mail servers mail1,2,3+∞
///Problem///
Each client server must send through all mail servers. Preserving SPF, DMARC and DKIM policies
///Problem///
It is very inconvenient for each domain1,2,3+∞ to prescribe an allowing spf entry for a large number of mail1,2,3+∞, especially considering that they can be added. What is one, what is the other.
-------------------- I think the solution is ------------ -------------------------------
A) Create your own DNS server dnsdomain.ru for example.
B) Existing and registered clients of domain1,2,3+∞ domains are invited to make an entry like v=spf1 redirect=_spf.dnsdomain.ru
This is not difficult, not difficult in principle - they will manage it. At the same time, I already register permissions for spf on dnsdomain.ru - again, for each mail1,2,3+∞
- Not very convenient - but feasible.
///Actual question///
How many records can be registered dnsdomain.ru, and it is better to register both the domain and ip or ip is enough
///I ask for advice///
How do you think you can simplify the task and save the rules.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vladimir Dubrovin, 2018-05-11
@z3apa3a

The problem with a large number of domains is really solved through include: or redirect=.
In the SPF policy, it is enough to prescribe ip. This is the most correct solution, provided that the number of IPs does not exceed a reasonable amount and will not lead, for example, to exceeding the size of the DNS response.
In this case, you can use SPF with macro substitutions, for example,
or
and prescribe allowed mail servers for each domain in the designated zone. But to do this in a situation where you can get by with listing addresses and networks via ip4: I would not recommend it.