SPF records and too many DNS lookups

I was advised to set up SPF records for my domain, and I did so. I use G Suite for email and have correctly configured the MX records to send mail through G Suite. My web application sends emails through the Sendgrid API, and I also use Mailchimp for marketing emails.

I believe the following TXT record is correct:

"v=spf1 a mx include:_spf.google.com include:sendgrid.com include:servers.mcsv.net ~all"

However, I ran several tests which showed that the record contains too many DNS lookups. What is the best thing to do here?

0
asked 28 July 2018 at 21:15
2 answers

First of all, if you are using Sendgrid's services, you should include the record at sendgrid.net (intended for this purpose), not sendgrid.com (appears to reflect what mail services Sendgrid the company themselves use, including things like Google Mail).
Fixing that removes a handful of lookups to other things that are irrelevant to you.

Second, what does mx in your SPF record expand to?
As you include _spf.google.com in SPF, I would expect that your MX records are most likely the Google Mail inbound servers, which are entirely pointless for you to add in SPF (and adds additional lookups).

As for a, what is there at that address and does it even send mail? If yes, why not just add the IP address in SPF instead of an indirect reference?

4
answered 4 December 2019 at 11:06

As you're aware, SPF records are limited to 10 DNS lookups. If they result in more than that, the record fails with a permerror.


Here is the problem:

include:sendgrid.com

This is for Sendgrid's own internal corporate mail. It has its own large set of includes and results in quite a few DNS lookups.

This is not what you were supposed to use. Sendgrid customers are supposed to add to their SPF record:

include:sendgrid.net

Note net, not com. This should reduce your DNS lookups below 10 and get you a working (and mostly correct) SPF record.


P.S. I say mostly correct because your record ends with ~all, which should be changed to -all after you're finished testing the record. The ~all makes the entire record useless for actually stopping forged mail.

4
answered 4 December 2019 at 11:06
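The lookup arithmetic behind both answers, as an added example that is not part of the original question or answers: a worst-case counter for the DNS-querying terms (`include`, `a`, `mx`, `ptr`, `exists`, `redirect`) in the record from the question, following nested includes. The `ZONE` contents and all `.example` names are constructed stand-ins, not the live DNS records of the domains named.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: more than 10 yields permerror
# Terms that cost a DNS query; ip4, ip6 and all do not.
TERM = re.compile(
    r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?:[:=]([^/\s]+))?(?:/.*)?$", re.I)

# Constructed stand-in for DNS (name -> SPF TXT). NOT the live records of
# these domains; the nesting only mimics the situation the answers describe.
ZONE = {
    "_spf.google.com": "v=spf1 include:nb1.example include:nb2.example include:nb3.example ~all",
    "nb1.example": "v=spf1 ip4:192.0.2.0/26 ~all",
    "nb2.example": "v=spf1 ip4:192.0.2.64/26 ~all",
    "nb3.example": "v=spf1 ip4:192.0.2.128/26 ~all",
    "sendgrid.com": "v=spf1 mx include:_spf.google.com include:corp1.example include:corp2.example ~all",
    "corp1.example": "v=spf1 ip4:198.51.100.0/25 ~all",
    "corp2.example": "v=spf1 ip4:198.51.100.128/25 ~all",
    "sendgrid.net": "v=spf1 ip4:203.0.113.0/25 ~all",
    "servers.mcsv.net": "v=spf1 ip4:203.0.113.128/25 ?all",
}

def count_lookups(record, zone, seen=frozenset()):
    """Worst-case lookup count: every term is evaluated (no early match)."""
    total = 0
    for term in record.split()[1:]:          # skip the v=spf1 tag
        m = TERM.match(term)
        if not m:
            continue                          # ip4/ip6/all: no DNS query
        total += 1                            # the term itself costs one
        kind, target = m.group(1).lower(), m.group(2)
        if kind in ("include", "redirect") and target:
            if target in seen:                # ancestor chain only
                raise ValueError(f"include loop at {target}")
            total += count_lookups(zone[target], zone, seen | {target})
    return total

def verdict(record, zone):
    n = count_lookups(record, zone)
    return n, ("permerror" if n > LOOKUP_LIMIT else "ok")

ASKED = "v=spf1 a mx include:_spf.google.com include:sendgrid.com include:servers.mcsv.net ~all"
FIXED = ASKED.replace("sendgrid.com", "sendgrid.net")   # second answer's change
TRIMMED = FIXED.replace(" a mx", "")                     # first answer: drop a and mx

if __name__ == "__main__":
    for name, rec in (("asked", ASKED), ("fixed", FIXED), ("trimmed", TRIMMED)):
        print(name, *verdict(rec, ZONE))
```

To audit a real record, replace `ZONE` with the TXT answers you resolve yourself; the counts here only hold for the constructed data.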
