3
votes

I want to create an SPF record like this "_spf.google.com" so that I can add different IPs against this record. After creating this record I will not have to add different IPs in my SPF section of my domains.

I want to create an SPF record like this so that I can add multiple IPs behind this record and I can add this record to any SPF section of my domains:

my.domain.com. 5 IN TXT "v=spf1 a include:_spf.google.com -all"

Please suggest how to create this sort of record.

3
So what's your question? - Peter Goldstein

3 Answers

2
votes

I'm still not sure I understand the question. But let me take a stab at it.

Assume you've got a couple of IPv4 subnets from which you want to send emails. Call them 203.0.113.0/28 and 198.51.100.0/32 (or just 198.51.100.0). Then you can create a TXT record like:

_spf.domain.com. 5 IN TXT "v=spf1 ip4:203.0.113.0/28 ip4:198.51.100.0 -all"

Then if you want to send email from mail1.domain.com and mail2.domain.com you could just create records like

mail1.domain.com. 5 IN TXT "v=spf1 include:_spf.domain.com -all"
mail2.domain.com. 5 IN TXT "v=spf1 include:_spf.domain.com -all"

Then mail1.domain.com and mail2.domain.com will include the common IP list. If later you add another IP, say 192.0.2.4, you could update the _spf.domain.com record to be:

_spf.domain.com. 5 IN TXT "v=spf1 ip4:203.0.113.0/28 ip4:198.51.100.0 ip4:192.0.2.4 -all"

and the IP list for both mail1.domain.com and mail2.domain.com would be updated.

Does that answer your question?

0
votes

How Google does it

Gmail.com redirects to _spf.google.com, which is a different domain.

⟩ dig TXT gmail.com +short
"globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
"v=spf1 redirect=_spf.google.com"

Google then includes all the records it needs and keeps the management somewhat simple with large, complex records. It splits them up into their own thing: _netblocks.google.com, _netblocks2.google.com etc.

⟩ dig TXT _spf.google.com +short
"v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"

⟩ dig TXT _netblocks.google.com +short
"v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"

For different domains you use

dig TXT somedomain +short
"v=spf1 redirect=_spf.primarydomain"

For the primary, you stack your records into some organisation.

dig TXT primarydomain +short
"v=spf1 include:_exchange.primarydomain include:_smtp.primarydomain ~all"

Then put the actual addresses, etc.

dig TXT _smtp.primarydomain +short
"v=spf1 ip4:1.1.1.1/32 ip4:1.1.2.1/24 ~all"

dig TXT _exchange.primarydomain +short
"v=spf1 ip4:1.1.1.1/32 ~all"

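To see how a receiver walks a redirect/include chain like the one above, here is an added example (not from the original answer or from Google) that evaluates a sender IP against a constructed in-memory zone laid out the same way: a domain redirecting to one shared _spf record that includes per-block records. It supports only the mechanisms used on this page (ip4, include, all, redirect=) and also tracks the RFC 7208 limit of 10 DNS-querying terms, which is the practical constraint on how deep you can stack these records.

```python
import ipaddress

# Constructed zone (not real DNS data) mirroring the layout described above.
ZONE = {
    "mail.example": "v=spf1 redirect=_spf.example.net",
    "_spf.example.net": "v=spf1 include:_netblocks.example.net "
                        "include:_netblocks2.example.net ~all",
    "_netblocks.example.net": "v=spf1 ip4:203.0.113.0/28 ip4:198.51.100.0 ~all",
    "_netblocks2.example.net": "v=spf1 ip4:192.0.2.4 ~all",
    "_loop.example": "v=spf1 include:_loop.example -all",  # deliberately broken
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 s4.6.4: include/redirect (and a/mx/ptr/exists) count


def check_host(ip, domain, lookups=None):
    """Evaluate ip against domain's SPF record; returns (result, lookups_used).
    Handles ip4, include, all and redirect=; any other mechanism is permerror."""
    if lookups is None:
        lookups = [0]  # top-level call: fetching the initial TXT record is free
    else:
        lookups[0] += 1  # reached via include/redirect: counts toward the limit
        if lookups[0] > MAX_LOOKUPS:
            return "permerror", lookups[0]
    record = ZONE.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none", lookups[0]
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qual, term = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        mech, _, arg = term.partition(":")
        if mech == "ip4":
            net = ipaddress.ip_network(arg, strict=False)  # bare address means /32
            matched = addr.version == 4 and addr in net
        elif mech == "include":
            sub, _ = check_host(ip, arg, lookups)
            if sub in ("none", "permerror"):  # RFC 7208 s5.2: these propagate as permerror
                return "permerror", lookups[0]
            matched = sub == "pass"  # any other included result just means "no match"
        elif mech == "all":
            matched = True
        else:
            return "permerror", lookups[0]
        if matched:
            return QUALIFIER[qual], lookups[0]
    if redirect:  # evaluated only when no mechanism matched
        return check_host(ip, redirect, lookups)
    return "neutral", lookups[0]
```

With the zone above, 203.0.113.5 passes after 2 lookups, 192.0.2.4 passes after 3, and an unlisted address gets softfail from the shared record's ~all; the self-including _loop.example entry runs past the limit and returns permerror.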
0
votes

This might be outdated, but I tried to configure something:

_spf1.mydomain.com, but failed to look it up. In MXToolbox it complains I'm having SPF Record Null Value.

This is my DNS lookup result:

azmamo@LAPTOP-2PENU1KF:~$ dig TXT _spf1.mydomain.com +short
azmamo@LAPTOP-2PENU1KF:~$

But when I query directly from my nameserver, it shows fine. It's been a few hours and I don't think DNS propagation is the case here:

azmamo@LAPTOP-2PENU1KF:~$ dig @ns1.mynameserver.com TXT _spf1.mydomain.com +short

"v=spf1 ip4:192.168.1.1 ip4:192.168.1.2 ip4:192.168.1.3 -all"

Appreciate guidance here.