问题
From where do I get the correct syntax to create a proper SPF record for EC2 amazon server? I understand how to create a dns entry but I have no idea what to put in place for the SPF record.
回答1:
This is very easy to do:
- Provision an Elastic IP for your server
- Setup an "A" record for the server which will be sending mail with your favorite registrar- a good practice to follow is to include "svr" somewhere in the hostname, as in, app-svr-01.youdomain.com
Click here to contact amazon and ask for a reverse dns record for the IP
add the following somewhere in your SPF record and you should be good to go:
a:app-svr-01.youdomain.com
Note: if you need to relay mail through this server from your other AWS servers, or communicate between servers in any other way, you shoukd not use this new FQDN, but rather the AWS FQDN from the AWS console (it will look like ec2-xxx-xxx-xx-xx.compute-1.amazonaws.com).
Using your custom domain name will route through the "WAN" and incur bandwidth charges.
回答2:
You can use the Amazon Simple Email Service (SES). If you only use this service (and not directly), then your SPF can be as simple as described in the FAQ:
http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SPF.html
maybe changing it to a definite fail on mismatch:
v=spf1 include:amazonses.com -all
回答3:
Creating an SPF record for an EC2 instance is a waste of time. Every major ISP and blacklist will blackhole mail from an EC2 IP no matter what you do. Since anyone can spin up an instance, get a new IP, send spam and disappear, nobody trusts their mail.
Use an external mail server, like SendGrid.
来源:https://stackoverflow.com/questions/6688251/spf-record-for-amazon-ec2