IP whitelist from SPF record
IP whitelists for big providers a kept in DNS SPF records.
In case of big providers they are really long lists of CIDR, and it would be best if Mailgun could automate their lookup and update.
Example:
- Instead of CIDR, use SPF: google.com. To do that we need to perform multiple DNS lookups, since any SPF record may contain "include: $DNS_DOMAIN".
$ host -t TXT _spf.google.com
_spf.google.com descriptive text "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
$ host -t TXT _netblocks2.google.com
_netblocks2.google.com descriptive text "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all"
The same for all other _netblocksX.google.com
1
vote
Michał Gajda
shared this idea