Sender Policy Framework

FAQ/One record for each domain

Do I have to publish SPF records for each of my SMTP servers?

No (or better: probably not, you are asking the wrong question).

You should publish SPF records for each and every domain you wish to protect from being used by spammers and viruses. If, for example, your domain is somedomain.tld and you also have a subdomain www.somedomain.tld registered, you would publish for both somedomain.tld and www.somedomain.tld (the latter probably being set to "v=spf1 -all").

You will have to publish a policy for each and every domain that has an A record, an MX record, or both. This includes wildcard domains (*.example.org) and the domain which forms the top of your zone (@).

Why? Consider how SPF works: when an SPF-aware mail server receives an incoming message, it requests the SPF record for the domain in the envelope sender (the SMTP MAIL FROM address). If you publish the SPF record only on somedomain.tld and not on www.somedomain.tld, a forged message pretending to come from www.somedomain.tld will be happily accepted for lack of an SPF record.
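
One way to check a zone against the rule above (every name with an A or MX record, including the wildcard and the zone apex, needs its own policy). This is an added example, not part of the original FAQ; the zone contents, the function names and the simplified one-record-per-line zone syntax are assumptions made for illustration.

```python
# Constructed sample zone: the apex and "mail" publish SPF, "www" and the
# wildcard do not. "www" has a TXT record, but it is not an SPF policy.
SAMPLE_ZONE = """\
$ORIGIN somedomain.tld.
@      IN MX    10 mail
@      IN A     192.0.2.10
@      IN TXT   "v=spf1 mx -all"
mail   IN A     192.0.2.25
mail   IN TXT   "v=spf1 a -all"
www    IN A     192.0.2.10
www    IN TXT   "site-verification=constructed"
*      IN A     192.0.2.10
docs   IN CNAME www
"""

def parse_zone(text):
    """Yield (fqdn, rtype, rdata) from a simplified zone (name class type rdata)."""
    origin = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower()
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        if owner == "@":                      # top of the zone
            fqdn = origin
        elif owner.endswith("."):             # already fully qualified
            fqdn = owner.rstrip(".").lower()
        else:                                 # relative name, wildcard included
            fqdn = f"{owner.lower()}.{origin}"
        yield fqdn, rtype.upper(), rdata

def is_spf(rdata):
    """True only for a TXT value whose version tag is exactly v=spf1."""
    txt = rdata.strip().strip('"').lower()
    return txt == "v=spf1" or txt.startswith("v=spf1 ")

def missing_spf(text, needs_policy=("A", "MX")):
    """Return the names that have A or MX records but no SPF policy."""
    hosts, covered = set(), set()
    for fqdn, rtype, rdata in parse_zone(text):
        if rtype in needs_policy:
            hosts.add(fqdn)
        elif rtype == "TXT" and is_spf(rdata):
            covered.add(fqdn)
    return sorted(hosts - covered)

if __name__ == "__main__":
    for name in missing_spf(SAMPLE_ZONE):
        print(f'{name}: no SPF policy; publish one (for example "v=spf1 -all" if it sends no mail)')
```
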