1

Reading documentation about SPF records, I can't quite seem to disambiguate the meaning of "sender". It could mean "the IP where the mail client sent the message" or it could mean "the IP of the mail server that the mail client is contacting".

So, it could be my home/business IP address (where my mail client is), or it could be just the address of valid mail servers.

Dave Cousineau
  • 135
  • 7
  • Are you sure the email protocol considers the client as a "sender". I suspect the first step is to get the email accepted into a server. That server that initially accepts it is the first "sender". – John Mee Mar 03 '22 at 00:27
  • @JohnMee I don't know. I know that my location's IP address is recorded by the mail server and also seems to be included in the mail headers. So I think it might actually be my location and not the server. But I don't know. – Dave Cousineau Mar 03 '22 at 00:34
  • The IP address of the client is captured in the header, perhaps as `X-Received`, but that is not the "sender" that SPF is interested in. SPF is trying to determine if the server passing the message is associated with the domain the purports to be from. The "sender" in this context is always a mail server. – John Mee Mar 03 '22 at 01:13

3 Answers3

2

A "sender" in the SPF record is the IP address of the computer which tries to send the email. In other words, when an SMTP server checks SPF, it will check against the server which is currently connected and is trying to send the email.

So you need to include the IP address of your SMTP server in the SPF record, and not the IP of your client.

Lacek
  • 7,233
  • 24
  • 28
0

You can specify it by IP or by hostname in your DNS zone according to this documentation:

An SPF record is a DNS record that has to be added to the DNS zone of your domain. In this SPF record you can specify which IP addresses and/or hostnames are authorized to send email from the specific domain.

Alejandro Vázquez
  • 94
  • 4
  • yes, but does "send email" mean from an email client, or from the mail server? is it my physical location's IP address or the address of the mail server that I'm contacting? – Dave Cousineau Mar 03 '22 at 00:17
  • sender would be the client IP, but the check for the allowed "senders" is done when you receive an email (before reading the body, in the link mentioned you can check the part named "SPF in practice" for reference – Alejandro Vázquez Mar 03 '22 at 00:28
0

My understanding now is that it's actually the last SMTP server before being delivered, which may be very different from the SMTP server your email client contacted. So it is definitely not your mail client's address, and likely may not be your first SMTP server's address either.

This will mean that you need to determine the full list of your provider's server addresses. This can be a very large list of addresses, and so there is likely some kind of "spf" prefixed domain offered by your provider that can be included in your spf record instead of listing specific addresses or even address ranges. Eg:

v=spf1 include=spf123.mymailprovider.com ~all

This allows your provider to update their record as necessary and for you to have the lastest changes automatically.

Dave Cousineau
  • 135
  • 7