Can SPF records contain domain name wildcards?

spf

No you can't. That is not the correct SPF record, and it is not the correct address of Google's SPF record. Anyone with the control of a reverse DNS domain can make any IP have any name he/she wants, like "google.com", "whitehouse.gov", etc. Allowing reverse matches at all would be very wrong.

The "include" feature of SPF works differently. It does a direct DNS resolution on the given name, and then processes the records that comes from that response. The correct SPF record for Google's e-mail servers is:

v=spf1 include:_spf.google.com ~all

The match is done by IP address from the results returned by a TXT DNS query to _spf.google.com. Should Google ever change the IP address of their mail servers, this record should be changed too. As of today, a query to that record returns:

~% dig +short txt _spf.google.com
"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20
ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16
ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"

Note that the address you are seeing, 209.85.213.172, is included above, in 209.85.128.0/17. So, if your SPF record is configured correctly, it should PASS.

More information on Google Apps Help.

Related

How to enable volume shadow copy using Powershell?
Mount CIFS Credentials File has Special Character
How do I recursively mirror a directory and its contents with puppet?
Windows 2008 R2 AD servers on fanless flash based systems
Copy a Java keystore on one machine to another?
Cross Origin Resource Sharing (CORS) with nginx / chrome
How to get IPv6 running properly?
How do i tell if all traffic is going though the vpn?
How is kernel oom score calculated?
Rules for Active directory user name string
api-get "Error reading from server" under Docker
Delete "orphan" libvirt snapshot