Need Example of Best Practice SPF Entry

I operate DNS from two Virtualmin Servers separate from our Virtualmin web servers. Form submissions from various websites are beginning to be rejected for DMARC - failure to use SPF or DKIM validations. I think we would like to make SPF entries in the master zone files thereby providing the server IP address from which a SendMail might emerge along with the standard email server e.g.

If you agree with my tactic, could you please provide a format example for the SPF entry at the domain zone file level?

Or, am I better doing this at the Virtual Server level, domain by domain?



Howdy -- you would need to add SPF entries for each domain, but it's okay if that's on a separate DNS server.

What you may want to do is temporarily enable DNS on your server, and then go into Server Configuration -> DNS Options. There, you can specify the SPF options you wish to enable, and then you can set "SPF record enabled" to "Yes".

Once you do that, you'll be able to review the SPF record that was added. You could then copy that to your actual DNS server.

Excellent idea, I've given it a try. So far no errors. Will wait for report tomorrow.