How to permit Yahoo.com in spf record?

Question

I have an email server with the spf record set up like this:

"v=spf1 ip4:192.0.2.21 ip6:2001:db8::f08c:95ff:feb4:f317  -all"

Actual ip address changed to protect the innocent, but those would be the ips of the mail server.

I have a user who uses yahoo mail, and has set up their 'send-only address' to use their custom domain name that's on my email server (example.com in the example below).

So when they send mail through yahoo, it fails spf with this error (was sent to a gmail address)

Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of tlin@example.com does not designate 98.137.69.147 as permitted sender) smtp.mailfrom=tlin@example.com;
       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=KXfctSKQ
Received-SPF: fail (google.com: domain of tlin@example.com does not designate 98.137.69.147 as permitted sender) client-ip=98.137.69.147;

The 98.137.69.147 is a yahoo address, but I tried adding include:yahoo.com and include:_spf.mail.yahoo.com to the spf1 record and it failed with those as well. I assume I can't just add that ip, as it will likely change.

What do I need to add to the record to get it so she can email through her yahoo address without spf failing?

I realize a solution will mean allowing anyone with a yahoo address to send through the server, but I don't expect unauthorized users to really be a problem.

Thanks for any help!

Chris

Answer 1

Finally found it, I had to add:

ptr:yahoo.com

This from https://clickwp.com/kb/yahoo-mail-alt-address/

Works!