Hi,
This is not optimal, your SPF record should be "v=spf1 mx ?all".
I disagree.
"v=spf1 mx ..." requires a DNS lookup which their existing SPF record
doesn't. Lots of people telling you how to set up SPF will say 'use
v=spf1 mx' because they don't want to explain the entire SPF record
format, and the 'mx' mechanism works for a large proportion of people.
Using specific IP addresses is more 'optimised' than using 'mx'.
As we often see here, your network your rules. The OP asks for advice, I
provided the advice I could on the basis on the information I had. Your
reasoning is IMHO wrong because the OP indicated that his mail server is
small, and handles "much much less than 100 messages per day". So IMHO
"optimization" is in his case useless, a few DNS lookups a day are more
than fine. And in that case the SPF record is more robust if, for a
reason or another, the IP address of his mail server changes.
?all vs -all is all down to opinion.
Personally, I'd never use '?all' - that seems to be a "we're not sure
what we're doing yet" rule. ~all or -all is better IMHO.
That's your opinion. My opinion is that "-all" is almost never a good
idea, and is certainly not a good idea for a small personal server. It
breaks forwards and mailing lists. "?all" does not mean "we're not sure
what we're doing yet" (that would be "+all"), it means "if none of the
previous policy rules matched, do not interpret this negatively". I agree
that "~all" is sometimes better, but again it tends to break forwards and
mailing lists.
Gregory
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
