If your MX and A records are also in the 216.15.92.0/25 network, then you don't need to specify the "a" and "mx" parameters, so you could simplify to
No enforcement, other hosts may send mail for the domain "v=spf1 ip4:216.15.92.0/25 ?all" Soft fail if policy violated. Filters may or may not block on soft fail. "v=spf1 ip4:216.15.92.0/25 ~all" Hard fail if policy violated. Filters should block on hard fail. "v=spf1 ip4:216.15.92.0/25 -all" However, if you send from an MX or A record (web server) that is not in the 216.15.92.0/25 subnet then you may need those. If you use a soft or hard fail policy, it's very important that you identify _all_ sources of outbound mail for the domain, including all mail servers, marketing mail engines, webservers, external hosts, etc. Otherwise you're liable to have mail blocked as a result of your policy. I've see this happen with a number of larger organizations, where they have forgotten web servers with form-to-mail functions, marketing personnel sending out newsletters, or mobile users using ISP SMTP servers. Regarding your last three records, do you have subdomains with MX records for direct.commarts.com, mail.commarts.com, and smtp.commarts.com? I.e. do you receive mail to @direct.commarts.com, @mail.commarts.com, and @smtp.commarts.com addresses? If not, you don't need those records. Hope this helps, Darin. ----- Original Message ----- From: "Michael Hoyt" <[EMAIL PROTECTED]> To: "Declude JunkMail @declude.com" <[email protected]> Sent: Wednesday, February 07, 2007 2:30 PM Subject: [Declude.JunkMail] OT: SPF record question Sorry for the re-posting but I forgot to add a Subject. I am finally getting my SPF records up but would like some comments on whether I got it right. I would like to be able to send email from any IP address in my 216.15.92.0/25 network. Currently I have MX records for mail.commarts.com (216.15.92.3) which is the only mail server that receives mail and direct.commarts.com (216.15.92.15) and smtp.commarts.com (216.15.92.13). Using the Wizard at openspf.org I generated the following SPF records: commarts.com. IN TXT "v=spf1 ip4:216.15.92.0/25 a mx ~all" direct.commarts.com. IN TXT "v=spf1 a -all" mail.commarts.com. IN TXT "v=spf1 a -all" smtp.commarts.com. IN TXT "v=spf1 a -all" After reading page 15 of the Whitepaper pertaining to the ~all,-all or ?all part of the text in the first record my question is: If I know that ALL email from my domain will originate from 216.15.92.0/25 should the text be -all and not ~all? And my last question is are the three txt records mentioning my MX servers necessary if I have 216.15.92.0/25 in the first record? Thank you in advance for any insight. -- Michael Hoyt Web Site: http://www.commarts.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
