-1

SPF says over limit 11 lookups, 4 lookups are nested in website include hosting and 4 in google (gmail gsuite), 1 mailerlite newsletter, 1 +a, 1 +mx, 0 +ip4. Absolute must keep: google (gmail gsuite) that is my email directly source and newsletter mailerlite. Website is contact forms where (via the website I received email:info@xxxvia web.hosting.com and client receives auto thanks direct from info@xx).

v=spf1 include:_spf.newsletter.com +a +mx +ip4:xx include:hosting-xxx.com +ip4:arecordip  include:_spf.google.com -all

If I remove +a, error in kitterman ambiguity warning no A found. If I remove +mx, passes.

Question, should SPF record include website hosting? If so, any suggestion on what can go?

In other post advice mx is sending and sometimes not needed. If mx is gsuite and include google is gmail/gsuite. Do you need both mx and google? And is it a good idea to remove mx? Appreciate thoughts?

Improve this question
9
  • "Question, should SPF record include website hosting?" Do you send emails from your hosting provider's servers?
    – ceejayoz
    Commented Mar 31 at 1:48
  • The type of record listed in the SPF record doesn’t matter. The point is that all of them resolve to one or more IP addresses where your email might originate from. Make sure all IP addresses where your mail will originate from is referenced in some way in the SPF record. Google will tell you what to add for gsuite. It doesn’t need to be included through multiple different records.
    – Appleoddity
    Commented Mar 31 at 2:49
  • @ceejayoz thanks. my main direct email is all through Gsuite and mailerlite is email newsletters both have set spf, easy and perfectly set up. Only emails from website server via the contact page. Generate enquiry (i get email from my website with enquiry in my gsuite show from: info@mydomainname via webxx.hosting-cloud.net and client get thanks email direct info@mydomainname no via webhost. In this scenario hosting server is only contact page, no other email service. do need to add spf for the website hosting server
    – Sally
    Commented Mar 31 at 4:51
  • @Appleoddity thanks. mail would originate from 3 sources. Main email gsuite and newsletter mailerlite, spf are given, easy to set up. Website only uses contact enquiry form set up with my gsuite email, delivers email to me info@mydomainname via webxx.hosting-cloud.net and client gets thanks direct email no via webhost. Website is not use for email delivery, in a way it is a source if use contact enquiry form. Is in that case do need to add spf for web hosting? If using spf_google (gsuite spf), then is mx obsolete can be removed (as only mx records points to in DNS are the gsuite ones)?
    – Sally
    Commented Mar 31 at 5:07
  • 1
    You need an entry for SPF for any place email originates from using your domain. That includes the web host. You do not need +mx or +a
    – Appleoddity
    Commented Mar 31 at 5:12

1 Answer 1

Reset to default
1

Google's NS admin is acting clueless, bit them with a clue bat. multi-part txt records are a thing and they should use them.

viz

$ host -ttxt _spf.google.com 
_spf.google.com descriptive text "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com  include:_netblocks3.google.com ~all"

What the actual fuck Google! Did you fire all the copmpetent people, are you letting interns play with critical infrastructure, is this a part of the "Be evil" policy you now have?

Google should this instead: https://datatracker.ietf.org/doc/html/rfc7208#section-3.3

As you have "+ip4:arecordip" you don't need "+a" (assuming both are the same ip address) That will save one lookup.

The only circumstances where +mx is a single lookup are those where it gives no benefit at all. Typically mx will return mx records and each of those will need a further lookup. (unless it returns none, empty, or an A record that has already been looked up)

If your mx is google you can drop "+mx" too and save another 6 lookups because that stuff is covered by the google entry.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .