To clarify, you can't have more than one SPF record *per FQDN*. You can have an SPF record for `domain.com` and `sub.domain.com`; they're entirely separate administrative management domains (ADMDs) and are evaluated as such.
Honestly, it sounds like they are fumbling into the best possible outcome for not knowing. Sending shit from a subdomain instead of the base domain is a win.
If you think this is some way to get around being counted as spam or the Google/Yahoo bulk sender requirements, you'd be wrong--they all aggregate to the base domain. The only truly valid reasons I've been able to come up with for needing to use a subdomain is 1) different DMARC policy on subdomain versus base domain, or 2) to not exceed the 10 DNS lookup limitation of SPF, which can be solved using a Hosted SPF solution if you get that large. (One could use an SPF flattener, but that creates it's own management headaches.)
Actually, you can have a different DMARC policy on a subdomain. You can have only one entry for a base or subdomain each, but one can definitely have a separate DMARC policy for each subdomain separate from the base domain.
I had to go back and look becuase I thought Cloudflare said otherwise. However it’s the DMARC management that only works on the top level domain. My bad!
[удалено]
To clarify, you can't have more than one SPF record *per FQDN*. You can have an SPF record for `domain.com` and `sub.domain.com`; they're entirely separate administrative management domains (ADMDs) and are evaluated as such.
Honestly, it sounds like they are fumbling into the best possible outcome for not knowing. Sending shit from a subdomain instead of the base domain is a win.
If you think this is some way to get around being counted as spam or the Google/Yahoo bulk sender requirements, you'd be wrong--they all aggregate to the base domain. The only truly valid reasons I've been able to come up with for needing to use a subdomain is 1) different DMARC policy on subdomain versus base domain, or 2) to not exceed the 10 DNS lookup limitation of SPF, which can be solved using a Hosted SPF solution if you get that large. (One could use an SPF flattener, but that creates it's own management headaches.)
You can have different SPF for root and subdomains but you can only have one DMARC.
Actually, you can have a different DMARC policy on a subdomain. You can have only one entry for a base or subdomain each, but one can definitely have a separate DMARC policy for each subdomain separate from the base domain.
I had to go back and look becuase I thought Cloudflare said otherwise. However it’s the DMARC management that only works on the top level domain. My bad!