Geek Answers Handbook

SPF for subdomain to avoid email spam

SPF is a powerful way to avoid blocking emails as spam. However, SPF configuration is usually for the main domain, and I could not find the settings for the subdomain, and I'm not sure if it is effective at all. I want to configure my mail server on mail.domain.com on a separate server. SPF for the primary domain

 @ v=spf1 mx include:domain.com ~all @ v=spf1 a mx ptr ip4:0.0.0.0 ~all

And for the mail server (subdomain)

 mail.domain.com v=spf1 mx include:mail.domain.com ~all mail.domain.com v=spf1 a mx ptr ip4:1.1.1.1 ~all

where 0.0.0.0 is the primary IP address of the server, and 1.1.1.1 is the IP address of the mail server. Will this setting work with successful use of mail.domain.com for email (e.g. name@mail.domain.com)?

What other considerations can help avoid marking emails sent from the subdomain as spam?

+8
email dns email-spam spam spf
source share
2 answers

Simplify SPF setup. If I take your words literally, you will need three DNS records for SMTP:

  mail.domain.com.  A 1.1.1.1
  mail.domain.com.  MX 10 mail.domain.com.
  mail.domain.com.  Txt "v = spf1 ip4: 1.1.1.1 -all"

The second record (MX) is actually optional.

More reasonable setup based on your comment:

  mail.example.com.  A 1.1.1.1
  example.com.  MX 10 mail.example.com.
  example.com.  Txt "v = spf1 ip4: 1.1.1.1 -all"

This means that you can use mail addresses such as john@example.com, while your mail server may be on a different server than the one that serves as example.com. You must also configure a reverse DNS record (PTR record) for 1.1.1.1 to point to mail.example.com. Usually you need your hosting company.

+10
source share

A few other things that help:

  • Make sure your MTA IP address has a valid PTR record mapping (reverse-dns) for mail.domain.com
  • Deploy DomainKeys
  • Implement DKIM
  • Make sure you are not on DNSBL (and make sure you stay with them)
+4
source share

More articles:


All Articles