Friday, September 6, 2019

domain name system - Regarding gmail SPF record and A record



I have a domain with the following SPF record,

"v=spf1 +a +mx +ip4:123.45.67.89 ~all"

Two questions,

  1. Is the IP necessary there? The A record on the domain resolves to the same IP, i.e. 123.45.67.89.

  2. I've created an email on the domain and added it to Gmail to send and receive emails. The emails are working fine: I am able to send emails and they don't have the warning "Google cannot verify if the domain actually sent the email or no". Do I need to add any Gmail SPF record to it? I'm asking about this v=spf1 include:_spf.google.com record.


Answer





  1. If you have exactly the same IP (or a:/) in your a mechanism (or mx mechanism), the ip4 mechanism is unnecessary and CAN (rather than must) be removed.

     As domain is not specified in your +a & +mx, the current domain is used, while ip4 & ip6 must always have an or / specified.

  2. With the current SPF record, Google falls within ~all, causing SoftFail, i.e. "The SPF record has designated the host as NOT being allowed to send but is in transition". Therefore the receiving MTA shouldn't REJECT the mail, but it can mark it as spam. With -all it would have been rejected.

     Therefore, include:_spf.google.com is necessary if you need to send email from Gmail. However, you should not add another TXT record, but combine these two into one, e.g.

     @ IN TXT "v=spf1 +a +mx include:_spf.google.com ~all"

     It's also possible (and even suggested in the documentation of the include: mechanism) to make the included domain Neutral rather than Pass. If Gmail is only used occasionally and you want to prevent other Gmail users from getting Pass results on the SPF tests, it can be achieved with:

     @ IN TXT "v=spf1 +a +mx ?include:_spf.google.com ~all"
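To see why the three records above give different verdicts for a Gmail-relayed message, here is an added SPF evaluator (example code, not part of the answer) that walks a record left to right the way RFC 7208 describes: a, mx, ip4 and all are matched directly, and include only matches when the included record itself yields Pass, with the mechanism's own qualifier deciding the result. The DNS table is constructed for offline use; the domain, its addresses and the network listed under _spf.google.com are placeholders, not real zone contents.

```python
import ipaddress

# Constructed, offline stand-in for DNS. Hypothetical data: example.test is the
# questioner's domain; the _spf.google.com network is a placeholder, not Google's real record.
DNS = {
    "example.test": {
        "A": ["123.45.67.89"],
        "MX": ["example.test"],
        "TXT": "v=spf1 +a +mx +ip4:123.45.67.89 ~all",
    },
    "_spf.google.com": {"TXT": "v=spf1 ip4:209.85.128.0/17 ~all"},
}
RESULT = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}


def spf_check(ip, domain, record=None):
    """Evaluate an SPF record for a connecting IP. Returns Pass, Fail,
    SoftFail or Neutral from the first matching mechanism, or None if
    nothing matched (RFC 7208 treats that as Neutral)."""
    record = record or DNS[domain]["TXT"]
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULT else "+"  # default qualifier is +
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "a":  # A records of the named domain, or the current one
            hosts = DNS[arg or domain]["A"]
            matched = any(addr == ipaddress.ip_address(a) for a in hosts)
        elif name == "mx":  # A records of every MX host of the domain
            hosts = [a for mx in DNS[arg or domain]["MX"] for a in DNS[mx]["A"]]
            matched = any(addr == ipaddress.ip_address(a) for a in hosts)
        elif name in ("ip4", "ip6"):  # bare address means a single-host network
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":  # matches only if the included record gives Pass
            matched = spf_check(ip, arg) == "Pass"
        else:
            raise ValueError(f"unsupported mechanism: {name}")
        if matched:
            return RESULT[qualifier]
    return None
```

Running it with a placeholder Gmail relay address shows the progression the answer describes: SoftFail under the original record, Pass once include:_spf.google.com is added, and Neutral with ?include.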

