No mx lookup in the SPF? Why not : mail.example.org. TXT "v=spf1 mx ip4:1.2.3.4 ip6:AAAA:AAAA -all"
And why no A record.... Every host in you dns with A can send, which is not (always) what you want. For example: www.example.org and now you server gets comprimized and is spamming.. Which is by : "v=spf1 a -all" all allowed. And if you need an A : mail.example.org. TXT "v=spf1 mx A:hostname.domain.tld -all" which covers also AAAA lookups. Just my suggestion. And best is also to read : https://tools.ietf.org/html/rfc7208#section-2.3 Greetz, Louis > -----Oorspronkelijk bericht----- > Van: s...@andreasschulze.de [mailto:owner-postfix-us...@postfix.org] Namens > A. Schulze > Verzonden: maandag 2 januari 2017 16:42 > Aan: postfix-users@postfix.org > Onderwerp: Re: SPF entries for IPv4 & IPv6 > > > > Am 02.01.2017 um 14:18 schrieb Sebastian Nielsen: > > OFC you must specify both unless you have completely disabled sending of > outgoing mail via IPv6. > > I think, that's wrong > > One may publish records like "v=spf1 a -all" for a host mail.example.org > > mail.example.org. A 192.0.2.25 > mail.example.org. AAAA 2001:db8::6:25 > mail.example.org. TXT "v=spf1 a -all" > > This require two or three dns lookups. (1x TXT, 1x A and 1x AAAA depending > on the spf implementation) > > To save lookups and make the authentication more robust it's also possible > to > specify the addresses explicit: > > mail.example.org. A 192.0.2.25 > mail.example.org. AAAA 2001:db8::6:25 > mail.example.org. TXT "v=spf1 ip4:192.0.2.25 ip6:2001:db8::6:25 -all" > > this way one minimize the need for a receiver to do "many" lookups. You > give the receiver all information > with the first answer and thus have a higher chance the spf authentication > will succeed. > > (hope no typo above...) > > Andreas
