Add server ip to spf record or not?

My cPanel says the following warning message:

This system does not control DNS for the “example . com” domain. You can install the suggested “SPF” record locally. However, this server is not the authoritative nameserver. If you install this record, this change will not be effective. Contact the person responsible for the “clint.ns.cloudflare.com” and “cruz.ns.cloudflare.com” nameservers and request that they update the “SPF” record with the following:

It suggests the following spf value:

v=spf1 +ip4:123.123.123.123 +include:_spf.google.com ~all

I’m adding support for gmail and currently my spf record is as follows in Cloudflare:

v=spf1 +include:_spf.google.com ~all

My question is, do we need to add the website ip address to the spf record ? Or do we add the proxy ip address created by Cloudflare ? Or lastly, do we just ignore this warning message and not bother to add an ip address and just keep it as it is ?

Definitely not the proxy, most likely the IP address of your webserver, if that is where you send emails from.

You need to add it at the authoritative nameserver, otherwise it will never take effect. Whats the domain?

Thank you for your answer, my only worry is showing the servers real ip address in the dns records (which we want to avoid).

In that case you should probably use a third party mailing service. Sending any email will automatically reveal your IP address.

If you send email from an IP address, then it should appear in your SPF record. If you do not send email directly from your server, the it’s IP address should not appear in the SPF.

You could use the Google SMTP Relay, which might be the safest option.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.