Jun 19, 2018

Do SPF Records apply to subdomains?

You need to have separate SPF records for each subdomain you wish to send mail from. http://www.openspf.org/FAQ/The_demon_question

This makes sense - a subdomain may very well be in a different geographical location which will have a very different SPF definition.

The 'include:' directive for SPF may be used to provide all subdomains with the same entries. For example, on the SPF record for subdomain mailfrom.example.com enter 'include:example.com'. In this fashion whenever you update the definition for example.com your subdomains will automatically pick up the updated values.

If a subdomain is created as a CNAME record, the SPF record is the one for the domain it points to, e.g. sub.domain.com is a CNAME of otherdomain.com, the SPF a mail server will get when it looks up [email protected] is in the DNS record for otherdomain.com. This is the same if the CNAME record says sub.domain.com => othersub.domain.com, so your TXT record would need to be othersub, not sub.

This is in contrast to DKIM, which needs a separate TXT record for the public key, even if your subdomain is a CNAME.