SPF if you have internal employees on the road

Hi, I'm really responding to http://dyn.com/dyn-email-why-you-should-setup-authentication-with-spf-domain-keys/ by Stephen Wheeler. My question is whether I'm missing a big potential problem with SPF which is that if any of our internal users send email when they are not using our SMTP server then presumably SPF can make that mail undeliverable ?

asked Jan 25 at 09:08 AM

$SMSFs\'s gravatar image$

SMSFs
1 ● 1

2 answers:

oldest newest most voted

Potentially yes, if they don't use your SMTP server.

The question of course is why wouldn't they? There are no shortage of options:

VPN access to the network
Remote, authenticated, access to the mail server from the mail client
Webmail access

There is a mailing list for SPF, the archives of which may be worth a read.

answered Jan 25 at 04:59 PM

$Cry Havok\'s gravatar image$

Cry Havok ♦
52.1k ● 13 ● 26 ● 222

From Steve:

Your spf record should include the ip of your internal mail server in addition to the ip or include of your external marketing. Your spf record should look something like this as an example. v=spf1 ip4:xxx.xxx.xxx.xxx include:spf.dynect.net ~all . Notice the include for Dynect Email Delivery and the ip4: for your internal mail server.

Users on the road should still be all set as long as they are not changing their outgoing mail server to the local internet providers outgoing smtp setting.

Stephen Wheeler

Director of Deliverability