Is it me? or do a lot IT/DNS admins not know how to configure SPF correctly?

✨ Quic broadband | Apple TV | Samsung | AliExpress | Wise | Sharesies

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › IT Pro and developers › Is it me? or do a lot IT/DNS admins not know how to configure SPF correctly?

dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted

Lifetime subscriber

#292990 18-Dec-2021 14:21

Send private message

I used to have my Exchange Server fail anything that didn't pass SPF but found I was constantly blocking email that I actually wanted.

I've since removed the block so I can actually receive those emails but prior to this made contact with several local businesses and helped them configure SPF correctly so I could receive their communications.

A big IT supplier of mine (no names mentioned) happens to think it's a great idea to send email as my domain when sending out MS licensing and just thought that this would work but without consultation and from servers outside of my SPF record. Other suppliers (IT/Networking space) that should know better have also failed in this regard and despite pointing out the glaring errors think there is nothing wrong with sending via a mail service like mailchimp but not adding the mailchimp include record to their SPF record.

Does anyone else see issues like this at all?

This is a filtered page: currently showing replies marked as answers. Click here to see full discussion.

raytaylor

4076 posts

Uber Geek
+1 received by user: 1296

Trusted

#2835501 19-Dec-2021 12:16

Send private message

Your right. Many domain admins are not very good at SPF at all.
Though I have never understook DKIM or took the time to learn, but SPF does well for me most of the time.
I always use a hard fail on my instructions for our domain to other mail servers.

One of the things you can do is include an smtp server address of the external company in your domain spf record.
Eg. If something like Xero? is sending invoices to customers on your behalf and you trust them, you can include their smtp address as an allowed source of messages.

As long as they are using the same ip addresses for outbound mail then its possible for them to maintain their own list of ip addresses and it will create a chain of lookups for the recipients mail server to check and verify.

In the case of google apps for business, if you add spf.google.com to your spf record hosted elsewhere, it automatically allows all the gmail/google outbound servers to send on your behalf.

By using a hard fail instruction to other servers, I encourage our customers to relay through our smtp server so that we can verify their credentials, set outbound hourly limits and maintain a good reputation.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

News and reviews »

Philips Hue Play Wall Washer Review
Posted 13-Apr-2026 14:00

New ECOVACS DEEBOT T80S OMNI Available Now
Posted 9-Apr-2026 11:11

Ring Brings 4K Video to Battery-Powered Doorbells
Posted 9-Apr-2026 11:01

Synology Announces a New Privacy-First Home Monitoring Experience for BeeStation Plus
Posted 9-Apr-2026 10:02

GIGABYTE X870E AERO X3D DARK WOOD Redefines the Motherboard
Posted 7-Apr-2026 14:06

Datacom Acquires Auckland Data Centre from T4
Posted 2-Apr-2026 09:43

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Support Geekzone »

You can support Geekzone with a one-off or recurring donation via PressPatron.

RSS feeds: Main feed; Forums feed
Copyright: ©2002-2026 Geekzone®

Site features: Geekzone BI dashboard; Geekzone Badges; Geekzone Status Page

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising; Trademark and copyright