The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Are SPF records checked per Domain or per IP/server?

Discussion in 'E-mail Discussions' started by norelidd, Dec 20, 2007.

  1. norelidd

    norelidd Well-Known Member

    Jan 15, 2007
    Likes Received:
    Trophy Points:
    I have one user who uses a blackberry on his domain, making it so that mail sent from it fall outside the scope of my regular SPF record. I'm interested in adding blackberry's smtp servers to the SPF record on his domain, but is that all I should do?

    his domain might be, but the email headers say that the mail from that domain actually comes from

    So should the blackberry-friendly spf records also apply to the's spf record?
  2. sparek-3

    sparek-3 Well-Known Member

    Aug 10, 2002
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Every e-mail message has a single envelope-from sender. This is the domain that the SPF record is looked up on.

    When you look at a message headers, the envelope sender is the address in the header Return-path.

    A server that performs an SPF check will take the domain of that value, look up the SPF record for that domain and see if the server that sent it that message is in that sending list.

    One thing to note, if you are adding an IP to an SPF record, you can't necessarily assume that the sending IP is the same as the mail server that is used to send the message.

    For example, a user might send out a message from their domain using the SMTP server:

    A common misconception is that you can just perform a DNS lookup for and enter that IP address in the domain's SPF record. This is not always the case. might refer to an incoming mail server only, a Message Submission server instead of an actual mail relayer.

    The IP address for might resolve to but that server actually relays the message to another server that actually sends it out through the Internet. That server's IP address might be

    If you add to the domain's SPF record, then the SPF lookup will still fail, because the sending IP ( is not in the list. This is one thing to consider with SPF.

Share This Page