SPF for subdomain to avoid email spam

Question

SPF is a powerful method to avoid blocking the emails as spam. However, setup of SPF is normally for the main domain, and I was unable to find setting for subdomain, and I am not sure if it is effective at all. I want to setup my email server on mail.domain.com on a separate server. The SPF for the main domain is

@                 v=spf1 mx include:domain.com ~all
@                 v=spf1 a mx ptr ip4:0.0.0.0 ~all

And for mail server (subdomain)

mail.domain.com   v=spf1 mx include:mail.domain.com ~all
mail.domain.com   v=spf1 a mx ptr ip4:1.1.1.1 ~all

where 0.0.0.0 is the main server IP and 1.1.1.1 is the mail server IP. Will this setting work to successfully use mail.domain.com for emails (e.g. name@mail.domain.com)?

What other considerations can help to avoid labeling the emails sent from subdomain as spam?

Answer 1

Simplify your SPF setup. If I take your words literally then you need three DNS records for SMTP:

 mail.domain.com.   A   1.1.1.1
 mail.domain.com.   MX   10   mail.domain.com.
 mail.domain.com.   TXT    "v=spf1 ip4:1.1.1.1 -all"

The second record (MX) is actually optional.

A more reasonable setup based on your comment:

 mail.example.com.   A   1.1.1.1
 example.com.   MX   10   mail.example.com.
 example.com.   TXT    "v=spf1 ip4:1.1.1.1 -all"

This means you can use mail addresses like john@example.com, while your mail server can be on a different server than the one which serves example.com. You should also setup the reverse DNS entry (PTR record) for 1.1.1.1, so that it points to mail.example.com. Usually you need your hosting company to do that.

Answer 2

Few other things that help:

1. Make sure your MTA's IP address has a valid PTR record (reverse-dns) mapping to mail.domain.com
2. Implement DomainKeys
3. Implement DKIM
4. Ensure that you aren't on any DNSBLs (and ensure that you stay off them)