
I am a programmer who also manages online Exchange users, and I have been asked to add an IP address to the SPF record:

v=spf1 +ip4:xxx.xxx.xxx.xxx include:spf.protection.outlook.com -all

so that emails sent from that application are accepted by the Exchange server and end up in the Inbox.

Now my question is: is it safe to add an IP address to the SPF record from a security point of view? I am afraid it may be used to send malicious email by spoofing or other means.

I personally am against adding an IP address to the SPF record, as I am not sure if it can be misused to send back email to users in our organization.

Learning

1 Answer


No, there's no real risk here. SPF simply says which servers are allowed to send email from a domain, and you can delegate exactly which servers that means via the include directive, so for example you don't have to know which IPs are actually used by outlook.com - it's their job to maintain that list.

SPF protects against spoofing - you don't want to add a server that might be compromised, but that should not be the case here.

It's good to add the literal IP before other SPF clauses (as you have done) as they are the fastest for receivers to check (they don't require any extra DNS lookups).

BTW: This kind of (non-programming) question is really better asked on Server Fault than SO.

Synchro
  • 35,538
  • 15
  • 81
  • 104
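How a receiver walks the record from the question, left to right, shown as an added example (not code from the question or the answer). The masked IP is replaced by the constructed address 203.0.113.10, the domain example.org is hypothetical, and the range behind the include target is made up rather than Microsoft's published data.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups; the include target's range is
# made up for the example, not Microsoft's published ranges.
FAKE_DNS = {
    "example.org": "v=spf1 +ip4:203.0.113.10 include:spf.protection.outlook.com -all",
    "spf.protection.outlook.com": "v=spf1 ip4:198.51.100.0/24 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying mechanisms per check


def check_host(ip, domain, dns=FAKE_DNS, counter=None):
    """Return (result, dns_lookups) for a sender IP; handles ip4/ip6, include, all."""
    counter = counter if counter is not None else {"n": 0}
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none", counter["n"]
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            # Literal network: compared locally, no DNS query needed.
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            counter["n"] += 1
            if counter["n"] > MAX_LOOKUPS:
                return "permerror", counter["n"]
            inner, _ = check_host(ip, arg, dns, counter)
            if inner in ("none", "permerror"):
                return "permerror", counter["n"]
            matched = inner == "pass"  # only a pass in the included record matches
        elif name == "all":
            matched = True
        else:
            return "permerror", counter["n"]  # mechanism outside this example's scope
        if matched:
            return RESULTS[qualifier], counter["n"]
    return "neutral", counter["n"]
```

The application's own address passes on the first term with no lookups, an address in the included range passes after one lookup, and any other sender falls through to `-all` and fails.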