I am attempting to set up a spf record that will only allow Godaddy's workspace email, gmail, and my outlook app to send emails using my domain, with all other sources hard failed. So my spf record needs to have three permitted sources:
My problem is that I cannot find a spf definition that covers the actual servers used by Godaddy. Does anyone have a list of IP addresses used by their SMTP infrastructure, or a spf record that I can use as a include statement. I cannot use "secureserver.net" as it drags in all outlook.com's spf definition and I overload the limit of 10 indirects permitted under spf rules.
Based on a post from 2016 - which goes into detail about cPanel vs WorkSpace vs office365 etc etc etc
v=spf1 include:secureserver.net –all
this should give you want you need (obviously with your other elements)
Once your issue is resolved,
please be sure to come back and click accept for the solution
Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community
I've already tried your suggestion, but as I said in my original post, I cannot use your suggestion as the spf record associated with secureserver.net now includes the spf records associated with protection.outlook.com.
The result is that when used with google's spf record, I get too many nested records.
You can see all the nesting by using the following link secureserver.net
I see what you are saying....
I guess my question is as the mx toolbox has the IP addresses you need, can you grab them from there?? and build your SPF record from that?
Or setup an SPF record for something like spf.yourdomain.com with the IPs from secureserver.net but without the additional includes - and then just have that in your include statement (trying to keep it clean)
Once your issue is resolved,
please be sure to come back and click accept for the solution
Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community
You reply is useful, but this goes back to my original question: "Which of the many IP address blocks mentioned in the spf records for secureserver.net are needed to provide support for smtpout.secureserver.net?".
I've tried asking godaddy and they said they only provide assistance to enable to send emails via workspace email. My current approach to building this list is to rely on the email servers rejecting an email and getting the IP address to add to my list. This is a crapware approach.
Aghhhhhh !*!*!*!*!*!*!*
I believe that they all have the potential to be used - but not sure as there are different platforms which use that SPF
Sorry I can't be of further help with that
Once your issue is resolved,
please be sure to come back and click accept for the solution
Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community
Hi @DaveWP. Thanks for posting. The list of IP addresses that may send mail for secureserver.net would be very large. As far as I know, there wouldn't be a way to list them all individually. If there were, it probably wouldn't be advisable as they may change periodically.
As @PL281 mentioned, v=spf1 include:secureserver.net -all is the correct SPF record to reference all of our mail servers. (One quick note: that is a "-" as opposed to an elongated hyphen. The code block seems to change this character when you copy it.) Based on the information here, the SPF record for secureserver.net only contributes to 4 of the 10 DNS lookup limit. Adding your domain to the mix would increase that to 5. I'm not sure what the SPF you're using from Google, but _spf.google.com only shows 3 lookups. If you could provide specific examples that can be queried, that may help the Community address your concerns.
Part of the problem with including just "secureserver.net" is it pulls in 3 definition blocks from Outlook.com.
spf1.secureserver.com includes the following include:spf.protection.outlook.com
We get to 10 include definitions if you follow the logic below
Hence, my request for a list of IP address blocks that could be associated when sending emails using the Godaddy SMTP server. (smtpout.secureserver.net). This would not be an ideal solution. my ideal solution would be for Godaddy to publish a spf definition, say "spfsmtp.secureserver.net" , that I could include a reference to in my domain's spf definition.
BTW, I used https://www.dmarcanalyzer.com/spf/checker/ to check my spf record, and it highlighted the problem with the number of spf definition's I was dragging in. It flagged up the problem that some mail servers may fail emails sent where there are a large number of includes,. This triggered my investigations as I have experienced problems sending emails to some UK government departments / police authorities with the above list of spf records in the hierarchy for my domain. However, as I was on the limit I have found some ISPs are happy .
I've struggled with authenticating messages sent from secureserver.net too. 4 lookups is just too many, and there's no reason anyone should have to authenticate outlook.com just because they use secureserver.net. The solution I've been using is to route messages from secureserver.net through Google's servers. https://support.google.com/a/answer/2956491?hl=en