On 2021-06-29 02:09:10 (+0800), White, Daniel E. (GSFC-770.0)[NICS]
wrote:
We are trying to understand all of these because we will be required
to use them eventually.
I am getting my info at https://www.dmarcanalyzer.com/spf/
If we add an IP to our SPF record, is any additional action necessary
for the DMARC and/or DKIM records ?
Not necessarily. If the additional server doesn't share a DKIM key with
any of the others, you'll need to add its key to the DNS as well. If
it's another server in the same administrative domain and you have a
secure way of sharing a DKIM key with an existing server, there's no
need.
The site says, " When using SPF you need to take note of a limitation
in this technique. The number of DNS lookups which are allowed to take
place is limited to 10." If we have more than 10 email senders, are
we SOL or is there a way to include them without breaking this rule ?
If you can list the IP addresses in the SPF record, there won't be
additional lookups:
"v=spf1 ip4:10.0.0.0/28 ~all" = one lookup
"v=spf1 mx ip4:10.0.0.0/28 ~all" = two lookups
"v=spf1 mx include:spf.example.net ~all" = at least two lookups
Multiple SPF records ?
Even with a crazy number of senders, you should be able to figure out a
way to limit yourself to only a couple of levels of indirection.
Philip
--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
