Sender Policy Framework

Can I bypass spf checks for certain servers?

Can I whitelist hosts on my dmz without making their adresses publicly available?

Often, you will want to allow certain servers to send mail through your smtp server. For example, if you have machines on your dmz that must be able to send status messages or you have some machines on your LAN that need to send out mail from your domain. In this case you will generally not want to publish these services in your public spf record (eg. "v=spf1 ip4:10.0.0.0/8 a -all") since this information is potentially valuable for hackers.

This can be solved in two ways. First of all, many spf implementations provide you with an option to put these adresses in a whitelist. This is just a list of hosts, which only needs to be available to your smtp server. A second option is to implement a 'local policy'. For details, consult the documentation that came with your specific spf implementation or search the list archives for 'whitelist' and 'local policy'.