SFP record for CRM itself or not?

So is it required by the internet that you have a SPF for your CRM or not?

I am sort of divided in this because when your company host it is* likely that CRM is already within the frame of IP addresses authorized* to send in SPF and adding the SFP mechanism "include:crm.something.com -all" will in that case generate double entries of the already authorized IP’s.

The reason for this is that many companies chose to partition their server so it is multitasking and running several different business systems (CRM, corporate website, accounting, project management, sales etc. or whatever), so many the business applications basically share the same IP to get the most out of the server.

But on the other and when your CRM does send from https;//crm.example-domain.com email servers around the will will do a DNS query and look up "crm.example-domain.com" to see if:

1.) Does it have a SPF record for that domain?
2.) Is the domain name authorized to send through the IP’s /mail server?

and if you do not have it, it might fail your sent emails and being ditched in the cold dark place called the spam inbox or even worse - outright rejected and refused with a 550 by mail servers around the world.

Now if you do decide to add the SPF mechanism "include:" it will also generate the trouble of double entries of the same IP which also might cause issues with deliverability as email servers might think your not fully legit or even spammer as the SFP record sort of fails. But on the same time now you are also fully authenticated and in theory your deliverability should increase because it might be better to have a DNS SPF record for your CRM than none at all.

Now this could of course be “easily” solved that you chose to setup a new VPS or a dedicated physical server exclusively for your CRM system which solves the issue as it will have its own dedicated IP.

Anyway; I’m torn. :thinking:
Is it required this days that your CRM is listed in the DNS system and also have its own SPF record or not?

Thoughts? :bulb:

Kind regards

Hi @PowerQuest , it mainly depends on the email host you’d like to use as a sender.
Some of them will push you to set up DKIM (DomainKeys Identified Mail) and a TXT record for SPF (Sender Policy Framework).
Both of them are additional DNS records to be managed in your domain settings.

Thanks for your reply.
Well we host our own e-mail servers. One main e-mail server and a backup/fall back server.

Kind regards

You need to be careful so that your host doesn’t get a bad reputation on the Internet as a spammer. Try to emulate the restrictions that other hosts have - ones who care about their reputation.

Thanks for your concern @pgr, I apprecaite that. :facepunch:
I’m very careful with making sure that the e-mail servers has a good reputation.

I have setup all the DNS records requiered and also signed up to Google/Hotmail postmaster and and we are not listed anywhere in IP blocklists.

We don’t send many emails normally. Just the standard day to day business e-mails and I do not maintain any e-mail newsletters either. We just as you know send marketing campaigns to selected lead prospects for ourself. But that doesn’t happen every month so I think we’re quite safe.

Kind regards