Solved: third party requested to add his Public IP in to our SPF

amahmud01 · ‎10-09-2019

Hi,

we configured a filter for the antispoofing of emails so that not to receive emails externally from our domain unless we allow explicitly the intended email to send emails from outside. The point is here we have an application that is hosted in cloud and we are allowing vendors application to communicate through specific email of our domain, now the vendor asked to add his public IP address into our SPF even though we are doing the spf record check for our inbound emails.

What is the risk of adding him into the spf record apart from bypassing the spf record check from our side.

Thanks for your help and support.

Mathew Huynh · ‎10-10-2019

Hey Amahmud01,

If you add their public IP that they use to send emails into your SPF record, you'll be giving them a free run to send under your domain to any other mail servers globally.

This could inadvertently make other mail servers not trust your domain as an IP is sending not so legitimate emails (if this does come down to it) where they're using SPF as an indicator.

Also them passing SPF might also allow them to pass DMARC which could be a worry to your domains standing.

Regards,

Mathew

View solution in original post

Mathew Huynh · ‎10-10-2019