Solve SPF issues (SPF) (SRS)

Check knowledge of SPF setup:
– above 10 lookups must show “permerror” (following RFC guidelines)
– more than one SPF record disrupts
– ‘a’, ‘mx’, ‘redirect’ and ‘include’, in the end authorize for IPs
(use of a domain name is not more secure; other shared host users are included)
– ‘exists’ executes a DNS A record search for the domain provided
– setup of ‘a’ is interpreted as ‘+a’
– setup like can allow for A/AAAA IPs from the mentioned domain
– sequence of setup: reads from left to right
– watch out for double spaces
– make a difference in a DNS record to point to: an undercore in _spf, is not allowed in a domain name
– the tilde in ‘~all’ with ‘softfail’ may unblock for a foreign mail service
Note: Exim’s default routing on a server uses SRS for a ‘redirect’ (forwarding).
See also my SRS routing versus mail service routing setup on
– a dynamic SPF provision can resolve too many DNS lookups to plain IP addresses.

Analyze SPF:

My number of DNS lookups with SPF:
– 0x: v=spf1 (-all; generic SRS)
– 2x: v=spf1 (-all; generic SRS)
– 1x: v=spf1 (~all; generic SRS)
– 0x: v=spf1 (-all; both transactional and non-transactional mail)
– 4x: v=spf1 (~all; no SRS; ptr void lookups ensure pass)
– 2x: v=spf1 (~all; no SRS; for VPS customers of TransIP)

Example for SPF:
– outbound via the server’s MTA (Mail Transfer Agent)
– outbound via Exim or Postfix configuration to a mail service
– outbound via SMTP (or via SDK via HTTP) to Amazon SES
– bounces on incoming of the server
– use of a tilde in ‘~all’ may unblock for a foreign mail service v=spf1 v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: -all v=spf1 ip4: ip6:2a01:7c8:bb09:262:5054:ff:fee2:a101 ip4: ip6:2a01:7c8:d008:32:5054:ff:fee8:665a ip4: ip6:2a01:7c8:bb0a:44e:5054:ff:fe0e:819f ~all [IP’s] ~all

Syntax of SPF:
How DNS lookup counts (and about void lookups):