Introduction to the upcoming example:
SPF entries are TEXT entries (abbreviated on nameservers as TXT) and should be created for each domain. Please see the official reference at http://www.openspf.org/SPF_Record_Syntax for further information on this. Pay special attention to the syntax "all", which should be used in 3 different ways:
-all = If any of the definitions don't pass, the result is FAIL, which causes other mail servers to reject/deny the mail
~all = If any of the definitions don't pass, the result is SOFTFAIL, which causes other mail servers to accept the mail, but it should be marked
?all = If any of the definitions don't pass, the result is NEUTRAL, which causes other mail servers to accept the mail, marked as possibly not valid
The "best", or most common, usage is the string "~all", or the string "?all" when you have several domains on one IP, because most mail servers will accept SOFTFAIL and NEUTRAL results. If you have all SPF settings set up absolutely correctly, however, "-all" is the best RFC 4408 usage.
Use "ptr" if you also allow any subdomain to send emails from your server; you should consider using this string when you use mail scripts on your subdomains.
Examples:
Domain example.com ( MAIN - domain for the server ) :
example.com => A => 999.999.999.999
example.com => MX => mail.example.com
example.com => TXT => v=spf1 +a +mx +ip4:999.999.999.999 include:example2.com include:example3.com ~all
Domain example2.com:
example2.com => A => 999.999.999.999
example2.com => MX => mail.example2.com
example2.com => TXT => v=spf1 +a +mx +ip4:999.999.999.999 include:example.com ~all
Domain example3.com:
example3.com => A => 999.999.999.999
example3.com => MX => mail.example3.com
example3.com => TXT => v=spf1 +a +mx +ip4:999.999.999.999 include:example.com ~all
It can be a good idea to use additional strings like "mx:mail.example.com" (for settings other than your MAIN domain), "mx:mail.example2.com" and "mx:example3.com" for settings for your MAIN domain, to define additional mail servers to be accepted, but this depends on how you set up your mail server. If you use a standard configuration, this is mostly not necessary.
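An added check (not part of the original text) that walks the three example TXT records above the way a receiver would for a sender that matches no mechanism, counting DNS-querying mechanisms against the limit of 10 from RFC 4408 section 10.1 and reporting what the final "all" returns. The function names and the dictionary standing in for DNS are assumptions of this example; modifiers such as redirect= and an included "+all" are not handled.

```python
# Constructed stand-in for DNS: the three TXT records from the examples above.
ZONE = {
    "example.com": "v=spf1 +a +mx +ip4:999.999.999.999 include:example2.com include:example3.com ~all",
    "example2.com": "v=spf1 +a +mx +ip4:999.999.999.999 include:example.com ~all",
    "example3.com": "v=spf1 +a +mx +ip4:999.999.999.999 include:example.com ~all",
}
QUALIFIERS = {"+": "PASS", "-": "FAIL", "~": "SOFTFAIL", "?": "NEUTRAL"}
LOOKUP_MECHANISMS = {"a", "mx", "ptr", "exists", "include"}  # each costs DNS queries
LOOKUP_LIMIT = 10  # RFC 4408 section 10.1

def parse(record):
    """Split an SPF record into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # "+" is the default
        name, _, arg = term.lstrip("+-~?").partition(":")
        parsed.append((qualifier, name.split("/")[0].lower(), arg))
    return parsed

def all_result(record):
    """Result the 'all' mechanism gives a sender that nothing earlier matched."""
    for qualifier, name, _ in parse(record):
        if name == "all":
            return QUALIFIERS[qualifier]
    return "NEUTRAL"  # a record without 'all' defaults to neutral

def evaluate_unmatched(domain, zone):
    """Walk the record for a sender matching no mechanism.
    Returns (result, lookups_used, first_include_loop_or_None)."""
    state = {"lookups": 0, "loop": None}
    def walk(name, chain):
        if name not in zone:  # include target without a record: permerror
            return False
        if name in chain and state["loop"] is None:
            state["loop"] = chain[chain.index(name):] + (name,)
        for _, mech, arg in parse(zone[name]):
            if mech in LOOKUP_MECHANISMS:
                state["lookups"] += 1
                if state["lookups"] > LOOKUP_LIMIT:
                    return False  # too many DNS-querying mechanisms: permerror
            if mech == "include" and not walk(arg, chain + (name,)):
                return False
        return True
    ok = walk(domain, ())
    return (all_result(zone[domain]) if ok else "PERMERROR"), state["lookups"], state["loop"]
```

Calling `evaluate_unmatched("example.com", ZONE)` shows that the mutual include: entries send an unmatched sender past the lookup limit, so the receiver sees PERMERROR rather than the SOFTFAIL that "~all" is meant to give; a constructed variant without include:example.com in the example2.com and example3.com records finishes in 8 lookups with SOFTFAIL.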