> On 11 Jan 2023, at 13:08, Simon Burke via mailop <mailop@mailop.org> wrote:
>
> All,
>
> This is an odd scenario, but sadly one I find myself in.
>
> Work is a large organisation, and currently does not have an SPF record. The
> reason is that there are a large (and unknown) number of internal and
> external parties that send mail on our domain, as well as sub-domains.

Most bulk services use either a custom subdomain in the customer’s domain space for the 5321.from or their own string in the 5321.from. This is primarily to deal with bounces - as anything that fails to deliver should go back to the sending service not to the original sender. A lot of places (SES, Mailchimp, Constant Contact) use their own 5321.from addresses by default and there’s no need to add the include: record at all. If your user base is using custom 5321.from you’re going to need to set up DNS records for those (CNAMEs are common). Do you have a lot of users with 1 to 1 email through external relays?

> So, even if we do determine who sends email on the domain, we would then have
> an issue with max lookups and record length.

I find, generally, this happens but in most cases it doesn’t have to. Despite what a lot of people think, they don’t need to add an include for every service they’re using in the spf record for their organizational domain.

> I know we can use an SPF flattening service. However that either has a cost.
> Or, although we can develop something in house, there's a 'bought not built'
> ethos being pushed by management.

Sparkpost uses macros, would that be possible?

> As an out the box idea, what would the potential impact be of having an SPF
> record stating just:
>
> "V=spf1 a mx +all"
>
> How bad of an idea would this be? If we also had a DMARC record set to either
> quarantine or reject.

Anecdotally, that would be a bad idea. What I’ve heard is this is actually something done for botnet sending and is treated as a bad reputation indicator. I don’t ever recommend this.

laura

--
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com

Email Delivery Blog: http://wordtothewise.com/blog

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
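
The "max lookups" concern and the `+all` record raised in this thread, as an added example that is not part of the original messages: a small auditor that walks SPF records, counts the terms RFC 7208 section 4.6.4 charges against the 10-lookup limit, and flags a permissive `all`. The domain names and TXT records in `ZONE` are constructed sample data, and `walk` and `audit` are hypothetical helper names.

```python
"""SPF audit: count DNS-querying terms (RFC 7208 section 4.6.4) and flag +all."""

# Constructed sample TXT records keyed by domain; not real DNS data.
ZONE = {
    "example.org": "v=spf1 a mx include:_spf.bulk.example include:_spf.crm.example ~all",
    "_spf.bulk.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.pool.example -all",
    "_spf.pool.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "_spf.crm.example": "v=spf1 exists:%{i}._spf.crm.example -all",
    "open.example.org": "V=spf1 a mx +all",
}
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # plus the redirect modifier
LIMIT = 10  # evaluation ends in permerror once more than 10 such terms are processed

def walk(domain, zone, path=()):
    """Return (lookup_term_count, findings), following include and redirect."""
    if domain in path:
        return 0, [f"{domain}: include/redirect loop"]
    terms = zone.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return 0, [f"{domain}: no SPF record found"]
    count, findings = 0, []
    for term in terms[1:]:
        has_qualifier = term[0] in "+-~?"
        qualifier = term[0] if has_qualifier else "+"  # default qualifier is "+"
        body = term[1:] if has_qualifier else term
        target = None
        if body.lower().startswith("redirect="):
            count, target = count + 1, body.split("=", 1)[1]
        else:
            name, _, arg = body.partition(":")
            name = name.split("/")[0].lower()  # drop a CIDR suffix such as a/24
            if name == "all" and qualifier == "+":
                findings.append(f"{domain}: +all authorises every sender")
            if name in LOOKUP_TERMS:
                count += 1
            if name == "include":
                target = arg
        if target:
            sub_count, sub_findings = walk(target, zone, path + (domain,))
            count, findings = count + sub_count, findings + sub_findings
    return count, findings

def audit(domain, zone=ZONE):
    """Audit one domain and add a finding when the lookup limit is exceeded."""
    count, findings = walk(domain, zone)
    if count > LIMIT:
        findings.append(f"{domain}: {count} DNS-querying terms exceeds limit of {LIMIT}")
    return count, findings
```

Nested includes count against the same budget as the top-level record, which is why the constructed `example.org` record with four visible lookup terms audits at six.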