I have a mail server, let's say mail.example.com. The PTR records connect mail.example.com with my server's IPs (IPv4, IPv6). The HELO/EHLO response is mail.example.com.
Now I want to send letters like [email protected]. Let's say I set:
    MX mail.example.com
    @ TXT v=spf1 mx ~all
    mail TXT v=spf1 a ~all
It's said I should have SPFs for subdomains to protect them from spoofing:
    www TXT v=spf1 -all
Let's say I don't want letters like [email protected] to be sent. But I can't have a second record like:
    mail TXT v=spf1 -all
And it would prevent HELO/EHLO validation.
Also I have CNAMEs like autoconfig/autodiscover for mail. So they aren't protected too.
Is there a way to allow HELO/EHLO validation but disallow sending emails from those subdomains?
example.com, but not from mail.example.com as domain portion of the sender address (from an SPF perspective)? You can put in place other restrictions at the mail server to disallow mails from other domains.
v=spf1 a -all for your server hostname. This will allow only your mail server to be able to send on behalf of your subdomain. Even if it is not supposed to.
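The effect of publishing v=spf1 a -all on the server hostname, as an added example that is not part of the original answer: a simplified SPF evaluator (only the a, mx and all mechanisms) run over constructed zone data. The IP addresses and the user@ sender addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed zone data (documentation addresses); no real DNS lookups are made.
ZONE = {
    "example.com":      {"MX": ["mail.example.com"], "TXT": "v=spf1 mx ~all"},
    "mail.example.com": {"A": ["192.0.2.10", "2001:db8::10"], "TXT": "v=spf1 a -all"},
    "www.example.com":  {"A": ["192.0.2.20"], "TXT": "v=spf1 -all"},
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def addresses(name):
    """Address records of name, as ip_address objects (IPv4 and IPv6)."""
    return {ipaddress.ip_address(a) for a in ZONE.get(name, {}).get("A", [])}

def check_host(ip, domain):
    """Evaluate the a, mx and all mechanisms of domain's SPF record for ip."""
    record = ZONE.get(domain, {}).get("TXT", "")
    if not record.startswith("v=spf1"):
        return "none"
    client = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            matched = True
        elif mechanism == "a":
            matched = client in addresses(domain)
        elif mechanism == "mx":
            matched = any(client in addresses(mx) for mx in ZONE[domain].get("MX", []))
        else:
            continue  # other mechanisms are outside this simplified evaluator
        if matched:
            return RESULT[qualifier]
    return "neutral"

def evaluate(ip, helo, mail_from):
    """Return (HELO result, MAIL FROM result) as a receiving server would compute them."""
    return check_host(ip, helo), check_host(ip, mail_from.rsplit("@", 1)[1])

if __name__ == "__main__":
    SERVER, OTHER = "192.0.2.10", "203.0.113.5"  # assumed: own server, unrelated host
    for ip, sender in [(SERVER, "user@example.com"), (SERVER, "user@mail.example.com"),
                       (OTHER, "user@mail.example.com"), (OTHER, "user@www.example.com")]:
        print(ip, sender, evaluate(ip, "mail.example.com", sender))
```

The second case shows the limit the answer mentions: SPF still passes when the server itself uses the hostname as the sender domain, so refusing such mail has to be enforced on the mail server.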