RFC 1918 addresses in SPF

I understand that the examples in SPF Record Syntax are just examples, but in what circumstances, if any, would it make sense to list private (RFC 1918) IP4 addresses in a real-life SPF record?

https://dmarcian.com/spf-survey/ has no qualms validating SPF records with IP4 mechanisms listing RFC 1918 addresses.

Unless someone had some kind of ‘internal use only’ network and e-mail system with multiple mail servers where e-mails never hit the public IP space I cannot think of a scenario where including a private IP would be of any benefit. From my experience usually internal e-mails (within the same private network/mail system) are not authenticated with SPF (or DMARC) so including private IP addresses is unnecessary/useless.

I assume the spf-survey tool doesn’t throw any errors because there is nothing wrong with the syntax of the record at a technical level. Perhaps it is pointless to include ip4:192.168.0.1 in your SPF record, but if the syntax is valid then the record is readable/usable and there is nothing “wrong” with it from a validation standpoint. As long as you have your correct public IP space included in the record, I don’t think including a private IP would actually hurt anything. It would be pointless, but it would not break anything to my knowledge.

The survey tool does not make any determination that the IPs or domain names referenced in your record are correct for any specific mail flow situation. It simply tells you whether or not your SPF record is readable and valid from the syntax standpoint. It is up to you to determine that you have entered the correct mail server references for your outgoing mail servers.

1 Like
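As the answer above notes, a syntax validator accepts private addresses, so finding them takes a separate check. The Python below is an added example, not part of the original thread and not dmarcian's code; it flags `ip4` mechanisms that fall inside RFC 1918 space. The function name and the sample record are constructed for illustration.

```python
import ipaddress

# The three private IPv4 blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_private_ip4(record):
    """Return (term, kind) for each ip4 mechanism touching RFC 1918 space.

    kind is "private" when the whole network is private, or "partial"
    when the network merely overlaps a private block (e.g. 10.0.0.0/7).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    findings = []
    for term in terms[1:]:
        # Drop the optional one-character qualifier (+, -, ~, ?).
        mech = term[1:] if term[0] in "+-~?" else term
        name, sep, value = mech.partition(":")
        if name.lower() != "ip4" or not sep:
            continue  # only ip4:<network>[/<cidr>] is inspected here
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            continue  # malformed value: a syntax validator's job, not ours
        if net.version != 4:
            continue
        if any(net.subnet_of(block) for block in RFC1918):
            findings.append((term, "private"))
        elif any(net.overlaps(block) for block in RFC1918):
            findings.append((term, "partial"))
    return findings

# Constructed sample record: one private host, one public documentation
# range, one oversized network that only partly covers private space, and
# an address just outside 172.16.0.0/12.
SAMPLE = ("v=spf1 ip4:192.168.0.1 ip4:203.0.113.0/24 "
          "~ip4:10.0.0.0/7 ip4:172.32.0.1 include:example.net -all")

if __name__ == "__main__":
    for term, kind in audit_private_ip4(SAMPLE):
        print(f"{kind:8} {term}")
```
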

Thank you for your thorough thoughts. Pointless to include, but syntactically correct sums it up nicely :slight_smile:

1 Like