Common SPF Issues
SPF Record Syntax
In general, an SPF record is published as a DNS TXT record (not to be confused with the legacy SPF record type).
Example of an SPF Record:
v=spf1 a ip4:199.167.224.0/22 ~all
Check your SPF record using this third-party tool with your domain: Check SPF Record
DNS Lookups (too many included lookups)
You must limit the number of DNS lookups to a maximum of 10 according to the RFC specifications.
Having more than 10 included lookups will result in an error during SPF authentication.
These mechanisms count toward the DNS lookup limit:
- include:
- a
- ptr
- mx
- exists
- redirect
These mechanisms do not count toward the DNS lookup limit:
- all
- ip4
- ip6
Please make sure your SPF record stays within the maximum of 10 included lookups or it will not pass SPF authentication. We recommend removing any unused "include:" mechanisms to help reduce the number of included lookups.
Multiple SPF Records (having two SPF records)
There can only be one SPF record per domain according to the RFC specifications. Having more than one SPF record will result in an error during SPF authentication. We recommend consolidating the multiple SPF records into a single record.
Character Limit (up to 255 characters for a single string)
SPF records can have up to 255 characters for a single string, according to the RFC. This is a limitation for all TXT records in DNS.
Having more than 255 characters in a single string will result in an error during SPF authentication. Although your DNS manager might allow you to have more than 255 characters, our tool will show a warning that the number of characters exceeds 255 and should be reduced unless you are certain that the SPF record is in a valid multi-string format.
HOST value (cannot have "@" symbol)
Some DNS hosting providers do not allow the HOST value of a DNS record to be an “@” symbol. In this case, you should leave the HOST value blank.
For DNS records, the "@" symbol is a placeholder used to represent "the current domain". So in this case leaving it blank should work as well.
Null DNS lookup (no DNS result)
A null record in the SPF record is commonly an indication of a problem with the related DNS lookup. In general, any mechanism that contains a DNS lookup should return a result.
You should remove any null DNS lookups, e.g. "include:" mechanisms that do not return a valid result. Having a null record will result in an error during SPF authentication.
If you need any further assistance with your SPF record, please contact our support team.
Common DNS/Hosting Provider Documentation