#niebar

Hi! Let me help you with this.

What DNS provider are you using?

aws

I dont think the DNS provider should make any difference so if you could provide me the generic includes that would be great

You should find those in your Dashboard when you add your domain: https://stripe.com/docs/payments/account/email-domain#verifying_domain

Thx, my domain was added long ago, all I can do is to view the DNS verification records and these dont include an spf record

There is a TXT with stripe-verification and some CNAMEs

Are you sure you need the spf record?

according to our infra engineer we do need it to secure our email infra

It's also mentioned in the stripe docs: "The record value specifies a policy that email providers use to decide how to handle fraudulent emails. For example, you can create a DMARC policy that rejects an email that doesn’t pass SPF or DKIM checks. This policy makes it harder for malicious email senders to impersonate you."

What do you see in your Dashboard?

There is a TXT with stripe-verification and some CNAMEs for my current domain

I added a dummy domain but it shows the same records, so no spf record either

Hi! I'm taking over this thread. Give me a few minutes to look into this.

We handle SPF internally and you do not need to add any records yourself. The records we give you on the dashboard just work.

ok thx for the info. so when we change the spf suffix "?all" to "~all" of "-all" Stripe will still be able to send through our domain right? I will pass this on to our infra engineer

• or "-all"

so when we change the spf suffix "?all" to "~all" of "-all"
I'm not very familiar with this process, so I'm not sure what that means. Sorry.
My recommendation is to follow what is descibed in the to documentation link shared above.

ok thx