Question
In my setup I have a website (example.app) hosted on Heroku.
Then, I use Sendgrid to send emails from the Heroku server to our users that forget their password. The email is registered using Google's Gsuite. So I also send emails from the Google servers.
The from email is: Appname <noreply@example.app>
So I thought these should be my DNS records (note I don't have an A-record):
CNAMES:
example.app CNAME "example.app.herokudns.com"
www.example.app CNAME "www.example.app.herokudns.com"
SPF:
example.app TXT "v=spf1 a include:_spf.google.com include:sendgrid.net ~all"
DMARC:
_dmarc TXT v=DMARC1; p=none; rua=mailto:dmarc@example.app; ruf=mailto:dmarc-forensic@example.app; fo=0; adkim=r; aspf=r; rf=afrf; pct=100; ri=86400; sp=none
However, the DMARC record doesn't validate as mail is sent from a different domain than the To address. I think the email is sent from sendgrid.com and the to-address is example.app.
Hence, I think by adding the IP-addresses of my Heroku DNS into the SPF record it should work.
But how do I do this, when these IP-addresses are dynamic?
Answer 1:
"No" by protocol - rfc1912#section-2.4 but "yes" if using CNAME flattening.
Also, you should configure your SPF and DMARC using your email servers, in your case, sendgrid, not your@example.app.
Check more about how Cloudflare deals with CNAME flattening here: https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/
Source: https://stackoverflow.com/questions/51323836/is-it-possible-to-create-a-correct-spf-and-dmarc-dns-record-when-you-use-a-cname
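Added example (not part of the original question or answer): a small Python check for the RFC 1912 section 2.4 rule the answer cites, that a CNAME may not coexist with other data at the same name, run over the records from the question. The `flatten` helper and the address 192.0.2.10 are assumptions for illustration, modelling what a CNAME-flattening provider publishes in place of the apex CNAME.

```python
from collections import defaultdict

ORIGIN = "example.app"

# Records from the question as (owner, type, value); "_dmarc" is relative to ORIGIN.
ZONE = [
    ("example.app", "CNAME", "example.app.herokudns.com"),
    ("www.example.app", "CNAME", "www.example.app.herokudns.com"),
    ("example.app", "TXT",
     "v=spf1 a include:_spf.google.com include:sendgrid.net ~all"),
    ("_dmarc", "TXT",
     "v=DMARC1; p=none; rua=mailto:dmarc@example.app; "
     "ruf=mailto:dmarc-forensic@example.app; fo=0; adkim=r; aspf=r; "
     "rf=afrf; pct=100; ri=86400; sp=none"),
]

def fqdn(name, origin=ORIGIN):
    """Normalise an owner name: lower-case, no trailing dot, origin appended if relative."""
    name = name.rstrip(".").lower()
    if name in ("@", ""):
        return origin
    if name == origin or name.endswith("." + origin):
        return name
    return f"{name}.{origin}"

def cname_conflicts(zone):
    """Return {owner: [other types]} where a CNAME shares its name with other data."""
    types = defaultdict(list)
    for name, rtype, _value in zone:
        types[fqdn(name)].append(rtype.upper())
    return {owner: sorted(t for t in seen if t != "CNAME")
            for owner, seen in types.items()
            if "CNAME" in seen and any(t != "CNAME" for t in seen)}

def flatten(zone, owner, addresses):
    """Model CNAME flattening: publish A records at `owner` in place of its CNAME."""
    kept = [r for r in zone
            if not (fqdn(r[0]) == owner and r[1].upper() == "CNAME")]
    return kept + [(owner, "A", addr) for addr in addresses]

if __name__ == "__main__":
    # The apex CNAME collides with the SPF TXT record at the same name.
    print("as published:", cname_conflicts(ZONE))
    # 192.0.2.10 is a constructed documentation address, not a Heroku IP.
    print("flattened:   ", cname_conflicts(flatten(ZONE, ORIGIN, ["192.0.2.10"])))
```

The `_dmarc` record sits at its own name, so only the apex SPF TXT record is affected by the CNAME.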