It has been my experience that it is beneficial to include SPF and DMARC records for the mail server's hostname along with the domain name.
Domain example.com with mail server mail.example.com:

    @ IN TXT "v=spf1 a mx -all"
    mail IN TXT "v=spf1 include:example.com -all"
    _dmarc IN TXT "v=DMARC1; p=reject;"
    _dmarc.mail IN TXT "v=DMARC1; p=reject;"

My memory is fuzzy on the exact situation that caused it, and while rare, I've seen the server try to send out mail using the hostname. I can't remember if it was a bounce notice or something generated by a script, etc. Doing so has no downside.

Since I'm here, another SPF tip someone might find interesting, which I have never seen in any online how-tos. If you have many IPs you want to include in your SPF record, instead of trying to cram them all into the text record like:

    @ IN TXT "v=spf1 ip4:192.168.0.1 ip4:192.168.0.2 ip4:192.168.0.3 ip6:2001:db8:85a3:8d3:1319:8a2e:370:7348 ... mx -all"

You can set up a subdomain for all of the IPs like this:

    @ IN TXT "v=spf1 a:spf.example.com mx -all"
    spf IN A 192.168.0.1
    spf IN A 192.168.0.2
    spf IN A 192.168.0.3
    spf IN AAAA 2001:db8:85a3:8d3:1319:8a2e:370:7348
    spf IN AAAA 2001:db8:85a3:8d3:1319:8a2e:370:7350
    spf IN AAAA 2001:db8:85a3:8d3:1319:8a2e:370:7352
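The two SPF layouts from the comment above, generated from one address list and compared on TXT size and DNS-lookup cost. This is an added example, not part of the original comment; the function names are hypothetical, and the limits (10 lookups per check, 255 octets per TXT character-string) come from RFC 7208 and the DNS TXT format.

```python
import ipaddress

# Terms that cost a DNS query during SPF evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10        # RFC 7208 cap per SPF check
MAX_TXT_STRING = 255    # octets in one DNS TXT character-string

# Addresses copied from the comment's records.
SAMPLE = ["192.168.0.1", "192.168.0.2", "192.168.0.3",
          "2001:db8:85a3:8d3:1319:8a2e:370:7348"]

def count_lookups(record):
    """Count the terms of one SPF record that trigger a DNS lookup."""
    count = 0
    for term in record.split()[1:]:          # skip the "v=spf1" tag
        name = term.lstrip("+-~?")           # drop the qualifier
        for sep in (":", "/", "="):          # drop domain, CIDR, modifier value
            name = name.split(sep, 1)[0]
        count += name.lower() in LOOKUP_TERMS
    return count

def flat_record(addresses):
    """Every address inline as an ip4:/ip6: mechanism."""
    ips = [ipaddress.ip_address(a) for a in addresses]   # ValueError on a typo
    return "v=spf1 " + " ".join(f"ip{ip.version}:{ip}" for ip in ips) + " mx -all"

def subdomain_zone(addresses, label="spf", domain="example.com"):
    """The a:<label>.<domain> record plus one A/AAAA record per address."""
    lines = [f'@ IN TXT "v=spf1 a:{label}.{domain} mx -all"']
    for ip in map(ipaddress.ip_address, addresses):
        lines.append(f"{label} IN {'A' if ip.version == 4 else 'AAAA'} {ip}")
    return lines

def report(record):
    """Size and lookup cost of one SPF record string."""
    lookups = count_lookups(record)
    return {"length": len(record), "fits_one_string": len(record) <= MAX_TXT_STRING,
            "lookups": lookups, "within_lookup_limit": lookups <= MAX_LOOKUPS}

if __name__ == "__main__":
    print(report(flat_record(SAMPLE)))
    zone = subdomain_zone(SAMPLE)
    print(report(zone[0].split('"')[1]))     # SPF text between the quotes
    print("\n".join(zone))
```

The ip4:/ip6: terms cost no DNS lookups, while the a: form spends one of the ten allowed per check in exchange for a TXT record that stays short however many addresses are added.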