BlakJak:

With A and MX you are declaring that:

- If the domain name has an address record (A or AAAA) that can be resolved to the sender's address, it will match.
- If the domain name has an MX record resolving to the sender's address, it will match (i.e. the mail comes from one of the domain's incoming mail servers).

I know, and thank you for spelling it out. I see I wasn't clear in my communication and I might have misunderstood the message from gorringS, but I read it as a "this will always work" message. I might have been wrong, and I was trying to say that it is not that easy.

BlakJak:

... "Most sites have Cloudflare as the A record" is irrelevant. If an email platform receives an email with the sender of your domain, and your domain SPF record says "A" and you resolve the IP address that makes the inbound connection to your A record, it passes. Job done. Sure, someone who uses Cloudflare _and_ chooses to point their A record at Cloudflare, may not be able to use that field. But OP hasn't done that. So your statement makes little sense.

When you are using Cloudflare the traffic is proxied through Cloudflare and your public IP addresses won't be the same as the real web server address. But a lot of the time the email from the server (for forms, messages about errors etc.) will be from the web server, but won't be listed in any A-records. That is what I was trying to say and it was an example where A records in the SPF record would not help.

I explicitly stated in my message that for sites that I host, this is true. Was not trying to say what is the right or wrong answer for the OP.
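
Both cases discussed in this exchange can be checked with a small evaluator for the `a`, `mx`, `ip4` and `all` mechanisms. This is an added example, not part of any post in the thread: the domains, addresses, `ZONE` table and `ORIGIN_IP` are constructed (documentation ranges), and the evaluator is a simplified sketch rather than a full RFC 7208 implementation. It goes one step beyond the thread by showing an explicit `ip4` entry for the sending host.

```python
import ipaddress

# Constructed DNS data using documentation address ranges (assumption, not from the thread).
ZONE = {
    ("direct.example", "A"): ["192.0.2.10"],           # A record is the real web server
    ("direct.example", "MX"): ["mail.direct.example"],
    ("mail.direct.example", "A"): ["192.0.2.25"],
    ("proxied.example", "A"): ["203.0.113.7"],         # A record is the proxy edge
    ("proxied.example", "MX"): ["mail.proxied.example"],
    ("mail.proxied.example", "A"): ["198.51.100.25"],
}
ORIGIN_IP = "198.51.100.80"  # hypothetical origin web server behind the proxy

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return ZONE.get((name.lower(), rtype), [])

def addresses(name):
    """All A/AAAA addresses published for a name."""
    return {ipaddress.ip_address(a) for t in ("A", "AAAA") for a in lookup(name, t)}

def check_spf(record, domain, sender_ip):
    """Evaluate the a, mx, ip4 and all mechanisms left to right; first match wins."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "a":
            matched = ip in addresses(arg or domain)
        elif mech == "mx":
            matched = any(ip in addresses(h) for h in lookup(arg or domain, "MX"))
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "all":
            matched = True
        else:
            continue  # other mechanisms and CIDR suffixes are outside this sketch
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched
```

With `v=spf1 a mx -all`, mail from `192.0.2.10` passes for `direct.example`, while mail from `ORIGIN_IP` fails for `proxied.example` until that host is listed explicitly.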