SPF Exists and Redirect

Question

I've been helping a client with their email system and realised that their webmaster entered the following as their SPF record.

v=spf1 exists:%{i}._spf.somedomain.com redirect=_spf.somedomain.com ?all

I've looked into the exists and redirect options. From what I can tell these mean that all emails sent "from" their domain would come through as authenticated with SPF?

This should definitely be asked at [webmasters.stackexchange.com](http://webmasters.stackexchange.com) — Aaron Gillion, Jan 29 '16 at 04:20
More docs on SPF Macros: https://tools.ietf.org/html/rfc7208#section-7 — andrei, Apr 06 '20 at 14:11

score 8 · Answer 1 · answered Jan 29 '16 at 03:47

The first part:

exists:%{i}._spf.somedomain.com

says insert the IP address, say 1.2.3.4 for example, giving:

exists:1.2.3.4._spf.somedomain.com

which says, if that DNS 'A' lookup works, it is a pass.

Having both a redirect and an all is kind of odd. Redirect happens if everything else fails (which is why it should always be at the end of the SPF record), but all never fails to match.

If the all wasn't there the redirect:

redirect=_spf.somedomain.com

would says go fetch that SPF record process it.

SPF Exists and Redirect

1 Answers1