Lately, we've been getting a ton of requests from users who want to set up SPF and DKIM records so that various outside services can send emails on behalf of our domain. These services—like Constant Contact and Qualtrics—are legitimate, but I'm concerned about how many of these requests we should be approving. I've heard there's a limit of 10 SPF lookups per domain, and I'm already at 6 with one of my domains. How are others handling this? What's your policy on allowing these requests, and do you have any suggested alternatives?
5 Answers
SPF flattening is also a great option! There are services that can consolidate multiple SPF records into one, which eases the lookup burden. Just make sure to choose a service that automatically updates when your records change, to keep everything current.
I’m all for flattening! It saves so much hassle in the long run.
But honestly, we should be cautious about just approving all these requests. Some services may lead to more spam management on our end. It's a fine line to walk, but we end up requiring approval from upper management for those wanting to send as the main domain.
Agreed! It’s crucial to keep the main domain safe, so only let trusted services through.
Using an SMTP service like Mailchimp or Mandrill can reduce the need for multiple SPF and DKIM records. This way, everything funnels through the service, making it much simpler.
Great idea! It really cuts down on the complexity.
One solid approach is to use subdomains for different departments or services. This way, each one gets its own mailing subdomain, making management easier and reducing the risk to the main domain. If something goes wrong, it only affects the subdomain. Plus, it allows for individual DKIM and DMARC implementations as they come on board. We've had great success with this strategy!
We do this too! It keeps things organized and protects the main domain from potential issues.
Exactly! Limiting exposure to the main domain is smart, especially with all these new requests popping up.
Consider SPF delegation if your organization can swing the cost. Mimecast does this for around $4k a year, and it allows unlimited lookups. It's a game changer! We’ve been using it and it simplifies a lot of our email authentication woes.
That’s definitely true, just keep in mind that it can sometimes create its own cascading SPF issues.
Yes! AutoSPF is a good tool for this. It really streamlines the whole process.