I have a domain name, say example.com, and many servers (potentially hundreds), each with a public IP and a subdomain (sub1.example.com, sub2.example.com, etc.).
Each server hosts a Postfix installation. The goal here is to be able to send emails from any server (not to receive emails). There's however no email server attached to the main domain itself (example.com).
Now I'm trying to set up the SPF entries in the DNS, but I'm a bit stuck.
I've tried many combinations but they always end up with an SPF SOFTFAIL when trying to send an email to Gmail. Also, how to work around the limitations on the length of the SPF record with that many servers/IPs is unclear to me.
Adding some more context (even though I've accepted Bob's answer).
The idea is to have a very redundant architecture, where any server can fail and the system as a whole will keep working (at least for email sending). I don't have control over the range of IP addresses: the servers will be provisioned in multiple countries and with multiple providers.
I've tried defining an SPF entry for the main domain name only.
600 IN TXT "v=spf1 mx ~all"
When sending to Gmail I get a SOFTFAIL error for SPF validation, the email being sent from a subdomain (like sub1.domain.com).
I then tried to add the sender IP address in the record:
600 IN TXT "v=spf1 mx ip4:server_ip ~all"
But I end up with the same SOFTFAIL error.
Also tried to add another SPF entry for the subdomain, but as far as I understand, only one SPF entry should be created :-/
I also tried to include: the domain names, with the same result.
Any help or guidance would be appreciated :-)
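
Added example (not part of the original post): a simplified model of the RFC 7208 check_host() evaluation a receiver performs, run against the two records quoted above and against a record published at the sending subdomain itself. The zone contents, the address 203.0.113.10 standing in for server_ip, and the per-host record are constructed assumptions; the point it shows is that the SPF record is looked up at exactly the envelope sender (MAIL FROM) or HELO domain, with no fallback to the parent domain.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SERVER_IP = "203.0.113.10"  # constructed stand-in for the post's server_ip

# Constructed zones: the two records tried in the post, then one record per sending host.
ZONE_MX_ONLY = {("example.com", "TXT"): ["v=spf1 mx ~all"]}
ZONE_WITH_IP = {("example.com", "TXT"): ["v=spf1 mx ip4:203.0.113.10 ~all"]}
ZONE_PER_HOST = {
    ("sub1.example.com", "TXT"): ["v=spf1 a -all"],
    ("sub1.example.com", "A"): [SERVER_IP],
}

def spf_record(domain, zone):
    """Return the SPF record published at exactly this name (no parent fallback)."""
    found = [t for t in zone.get((domain, "TXT"), []) if t.split()[:1] == ["v=spf1"]]
    if len(found) > 1:
        raise ValueError("permerror: more than one SPF record at " + domain)
    return found[0] if found else None

def check_host(ip, domain, zone):
    """Evaluate mechanisms left to right; the first match decides the result."""
    record = spf_record(domain, zone)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in zone.get((arg or domain, "A"), [])
        elif name == "mx":
            mx_hosts = zone.get((arg or domain, "MX"), [])
            matched = any(ip in zone.get((h, "A"), []) for h in mx_hosts)
        elif name == "include":
            matched = check_host(ip, arg, zone) == "pass"
        else:
            continue  # modifiers such as redirect= are not evaluated here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

if __name__ == "__main__":
    for zone in (ZONE_MX_ONLY, ZONE_WITH_IP, ZONE_PER_HOST):
        for domain in ("example.com", "sub1.example.com"):
            print(domain, check_host(SERVER_IP, domain, zone))
```

In this model "mx" matches nothing when the domain publishes no MX records, so evaluation falls through to "~all", and a sender domain of sub1.example.com never consults the TXT record at example.com.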