On 2/13/21 7:31 AM, Gilles Filippini wrote:
Writing down what I've learned so far, in case it may help others:
1- The lists server DNS record (lists.example.com) should be of 'A' type (no 'ALIAS' or 'CNAME')
Not only that, reverse lookup of the IP in the A record must point back to the same (lists.example.com) domain. See, e.g., <https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>.
2- The SPF record should be set for the very same DNS name; e.g. lists.example.com (not just example.com) 3- This record seems to work for my server: lists.example.com. IN TXT "v=spf1 ip4:123.123.123.123 -all" Where the IP address is the same as the one registered for the 'A' record.
And you should also DKIM sign outgoing mail.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan