SPF Record A or IP4 Address with CF Protection

Hi All,

We use CF for DNS purposes in our organisation; however, one query that got flagged was:
If I create an SPF record inside Cloudflare, and the record has the ‘a’ mechanism, due to the way that CF masks the A record, do we need to replace it with the IP address of the server instead, to ensure that SPF passes?

Please let me know your thoughts.

Thanks!

If the A record is proxied, then “a” shouldn’t be in your SPF record.

If your server sends out email, then you’d have to add the ip4 entry for the origin server address.

This isn’t a desirable configuration, as it makes it too easy for attackers to discover your web server’s IP address. Best practice is to not host email on the same server as the website.
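To illustrate the reply above (an added example, not part of the original thread): a small evaluator for a subset of SPF, run against constructed DNS answers, showing that `a` stops matching the sending server once the A record is proxied, while an `ip4` entry for the origin still passes. The domain, the addresses (documentation ranges) and the function names are assumptions.

```python
import ipaddress

# Constructed data: documentation ranges stand in for real addresses.
ORIGIN_IP = "203.0.113.10"                      # server that actually sends the mail
PROXY_IPS = ["198.51.100.20", "198.51.100.21"]  # stand-ins for proxy edge addresses

def check_spf(record, sender_ip, domain, resolve_a):
    """Evaluate a subset of SPF (RFC 7208): a, ip4, all, with qualifiers.

    resolve_a(name) -> list of IPv4 strings, i.e. what a receiver sees in DNS.
    Returns 'pass', 'fail', 'softfail' or 'neutral'.
    """
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in results:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            # 'a' matches only the addresses that public DNS returns.
            matched = any(ip == ipaddress.ip_address(a) for a in resolve_a(arg or domain))
        else:
            raise ValueError(f"mechanism not handled in this example: {term}")
        if matched:
            return results[qualifier]
    return "neutral"

def dns_view(proxied):
    """DNS answers a receiving mail server gets for the A record."""
    addrs = PROXY_IPS if proxied else [ORIGIN_IP]
    return lambda name: addrs

if __name__ == "__main__":
    for record, proxied in [("v=spf1 a -all", False), ("v=spf1 a -all", True),
                            (f"v=spf1 ip4:{ORIGIN_IP} -all", True)]:
        verdict = check_spf(record, ORIGIN_IP, "example.com", dns_view(proxied))
        print(f"proxied={proxied!s:5} {record!r:32} -> {verdict}")
```

Publishing the `ip4` entry puts the origin address in public DNS, which is the trade-off the reply points out.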

It’s not so much about ‘hosting’ email on the web server.
Websites use various methods (phpMailer, etc.) to send out emails instead of sending the mail through a service like O365, etc.
The SPF record ensures that those emails are not potentially marked as SPAM.

I had a feeling the A record may experience issues because of the way that Cloudflare masks the real IP.
I guess I’ll have to force the web developers to set up the Office365 connection.

Thanks for the response.


And that’s not a best practice. Email routing should be handled by another server. But if you’re stuck with sending email directly from the web server:
