3

I'm trying to set up a mail server and then on mxtoolbox.com I was told:

Your domain's SPF record includes a sender mechanism type of PTR. The use of this mechanism is heavily discouraged per RFC4408 as it is slow and unreliable. Per email delivery best practices, it is advisable to avoid including PTR type mechanisms in your SPF record.

Which is fine. But then what should I do? It just tells me that I shouldn't do this, but then doesn't say what I should do instead.

1 Answer

6

SPF provides several different methods for server specification (they're all documented in the aforementioned RFC 4408, although it has since been superseded by RFC 7208). In section 5 of the document, you can see that alongside the "ptr" mechanism you also have "a", "mx", "ip4", "ip6", and some more obscure options available.

  • For example, if your incoming mail servers (MX) are the same as outgoing mail servers, then you can use the mx mechanism in your SPF records.

    v=spf1 mx ~all
    
  • Otherwise you can specify them by name using a:<hostname>, e.g. a:mailsender.example.com, or by IP address, e.g. ip6:2001:db8:123::/64 or ip4:192.0.2.1.

    v=spf1 a:mail.example.com ~all
    v=spf1 ip4:192.0.2.0/25 ip6:2001:db8:123::/64 ~all
    

Both options are less fragile than ptr – they involve fewer DNS lookups and fewer moving parts.
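
A static check for the kind of record discussed in the answer above, as an added example that is not part of the original answer: it parses an SPF record, flags any `ptr` term, and counts the terms that cost a DNS lookup (RFC 7208 caps these at 10 per evaluation). The function names and the sample records are assumptions made for this example, and no DNS queries are performed.

```python
# Added example: static check of an SPF record (no DNS queries are made).
# Terms that cost a DNS lookup during evaluation, per RFC 7208 section 4.6.4.
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
LOOKUP_LIMIT = 10  # RFC 7208 limit on such terms per SPF evaluation


def parse_spf(record):
    """Return a list of (qualifier, name, raw_term) for a v=spf1 record."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for raw in parts[1:]:
        has_qualifier = raw[0] in "+-~?"
        qualifier = raw[0] if has_qualifier else "+"  # '+' is the default
        name = raw[1:] if has_qualifier else raw
        # The name ends at the first ':', '=' or '/' (a:host, redirect=x, a/24).
        for sep in ":=/":
            name = name.split(sep, 1)[0]
        terms.append((qualifier, name.lower(), raw))
    return terms


def audit_spf(record):
    """Flag ptr terms and count DNS-querying terms in this record only.

    Lookups made inside include:/redirect= targets are not followed.
    """
    terms = parse_spf(record)
    ptr_terms = [raw for _, name, raw in terms if name == "ptr"]
    lookups = sum(1 for _, name, _ in terms if name in DNS_TERMS)
    findings = []
    if ptr_terms:
        findings.append("ptr in use: list senders with mx, a:<hostname>, ip4: or ip6: instead")
    if lookups > LOOKUP_LIMIT:
        findings.append(f"{lookups} DNS-querying terms exceeds the limit of {LOOKUP_LIMIT}")
    return {"ptr_terms": ptr_terms, "dns_lookups": lookups, "findings": findings}


if __name__ == "__main__":
    # Constructed ptr record first, then the three records shown in the answer.
    samples = ("v=spf1 ptr ~all", "v=spf1 mx ~all", "v=spf1 a:mail.example.com ~all",
               "v=spf1 ip4:192.0.2.0/25 ip6:2001:db8:123::/64 ~all")
    for rec in samples:
        print(rec, "->", audit_spf(rec))
```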
