SPF record for amazon ec2

Question

From where do I get the correct syntax to create a proper SPF record for EC2 amazon server? I understand how to create a dns entry but I have no idea what to put in place fo

Answer 1

This is very easy to do:

1. Provision an Elastic IP for your server
2. Setup an "A" record for the server which will be sending mail with your favorite registrar- a good practice to follow is to include "svr" somewhere in the hostname, as in, app-svr-01.youdomain.com

3. Click here to contact amazon and ask for a reverse dns record for the IP

4. add the following somewhere in your SPF record and you should be good to go:

   a:app-svr-01.youdomain.com

Note: if you need to relay mail through this server from your other AWS servers, or communicate between servers in any other way, you shoukd not use this new FQDN, but rather the AWS FQDN from the AWS console (it will look like ec2-xxx-xxx-xx-xx.compute-1.amazonaws.com).

Using your custom domain name will route through the "WAN" and incur bandwidth charges.

Answer 2

You can use the Amazon Simple Email Service (SES). If you only use this service (and not directly), then your SPF can be as simple as described in the FAQ:

http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SPF.html

maybe changing it to a definite fail on mismatch:

v=spf1 include:amazonses.com -all

Answer 3

Creating an SPF record for an EC2 instance is a waste of time. Every major ISP and blacklist will blackhole mail from an EC2 IP no matter what you do. Since anyone can spin up an instance, get a new IP, send spam and disappear, nobody trusts their mail.

Use an external mail server, like SendGrid.