DKIM and canonicalization

Google should still like it when you take 2 of 3 out.
I would stay with mx only.

 

i originally had v=spf1 mx a ip4:xxx.xxx.xxx.xxx ~all and mail would still be accepted at gmail but if you look at that received email header it said spf=none even though spf testers says I do have it correct, added the include part and sent another and looked at new header and spf=blahblahblah, so I'm going with it because as you say, google will be google

 

Then stick with include alone and loose mx and ip4.
Test it and if google isn't an idiot leave it at that. If google complains again you can always put it back again.

 

In the default setup the bounce messages are send with MAIL FROM:<>. The receiving server then has no option to check SPF because there is no "SMTP FROM" domain to check. The RFC defines that SPF checks against the EHLO hostname are recommended and are used in some cases. See this reference at section 4 as well: https://www.m3aawg.org/sites/defaul...cation-recommended-best-practices-09-2020.pdf

We setup SPF records for all of our mailserver hostnames, as they are getting checked and bounced back if SPF is missing from some servers.

 

If you had read 2 posts down the one you quoted you had seen I'm doing the exact same thing, for the exact same reason (though not explained).

 

Oh damn... I've musst have missed that sorry about that