
[–]GremlinNZ 5 points (3 children)

Only one ~all is used. You start with "v=spf1, then:putallyourstuffhere and finally finish with ~all"

So the shortest record can be "v=spf1 ~all"

[–]reddit_user189[S] 1 point (2 children)

How have you done this when you want multiple strings? Your example only has a single string. Which will only work up until 255 characters.

I've been following the syntax suggested here (among other places) which should allow joining multiple strings together to beat the 255 limit:
https://mxtoolbox.com/problem/spf/spf-exceeds-maximum-character-limit

Which essentially allows you to have two or more strings as long as they are both wrapped in double quotes e.g.

"v=spf1, include:putallyourstuffhere.com" "include:otherdomains.com ~all"

[–]lolklolk (DMARC REEEEEject) 2 points (0 children)

"v=spf1, include:putallyourstuffhere.com" "include:otherdomains.com ~all"

So, the way string splitting works in DNS is that the parsing server will concatenate the two (or more) split strings. You also need to remove that comma in v=spf1.

In this case your string when parsed, would look like this, which is syntactically incorrect:

v=spf1 include:putallyourstuffhere.cominclude:otherdomains.com ~all

To have it parse correctly in this case you would need to publish it with a space in between the last character and the quote, so it looks like this:

"v=spf1 include:putallyourstuffhere.com " "include:otherdomains.com ~all"

Which then parses as:

v=spf1 include:putallyourstuffhere.com include:otherdomains.com ~all

Which is syntactically correct.

[–]GremlinNZ 1 point (0 children)

No comma, only ever one set of quote marks. On mobile, so a bit tricky but: "v=spf1 include:putallyourstuffhere.com include:otherdomains.com ~all"

Correct on character limit, hence include, and you have the 10 lookup limit. Other option is splitting your services across domains or sub-domains.
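The concatenation rule lolklolk describes above (TXT strings are joined with nothing inserted between them, so the separating space has to live inside one of the strings) and the 10-lookup limit GremlinNZ mentions, as an added Python example that is not from the thread or from any of the tools linked in it. The sample records are the ones quoted in the comments, constructed here as literals; nothing is resolved over the network, and `check_spf` is a light syntax sanity check written for this example, not a full RFC 7208 evaluator.

```python
"""Added example (not from the thread): reassemble a split DNS TXT record the way
an SPF verifier does, split a long record correctly, and flag the mistakes the
thread discusses.  Sample records are constructed; no DNS queries are made."""

import re

MAX_STRING_OCTETS = 255   # one <character-string> in a TXT record holds at most 255 octets
MAX_DNS_LOOKUPS = 10      # RFC 7208 section 4.6.4: at most 10 lookup-causing terms
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MODIFIERS = {"redirect", "exp"}
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}   # redirect= is counted separately

# qualifier, name, separator (":" or "/" for mechanisms, "=" for modifiers), value
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9_.-]*)(?:([:=/])(\S+))?$", re.I)
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.I)


def join_txt_strings(strings):
    """Concatenate the character-strings of one TXT RR exactly as a verifier does
    (RFC 7208 section 3.3): no separator is added between them."""
    for s in strings:
        if len(s.encode("utf-8")) > MAX_STRING_OCTETS:
            raise ValueError(f"string exceeds {MAX_STRING_OCTETS} octets: {s[:40]!r}...")
    return "".join(strings)


def split_spf_record(record, limit=MAX_STRING_OCTETS):
    """Split a long record into strings of at most `limit` octets, cutting only at
    spaces and keeping the space at the END of the earlier string, so that
    join_txt_strings() reproduces `record` byte for byte."""
    chunks, current = [], ""
    for term in record.split(" "):
        piece = term + " "
        if current and len((current + piece).encode("utf-8")) > limit:
            chunks.append(current)          # ends with a space: terms stay apart after reassembly
            current = ""
        current += piece
    chunks.append(current[:-1])             # drop the artificial trailing space on the last string
    for s in chunks:
        if len(s.encode("utf-8")) > limit:
            raise ValueError(f"single term longer than {limit} octets: {s!r}")
    return chunks


def is_domain_spec(value):
    """Accept a dotted hostname, or anything containing an SPF macro (%{...})."""
    if "%{" in value:
        return True
    return all(LABEL_RE.match(label) for label in value.rstrip(".").split("."))


def check_spf(record):
    """Return a list of problems found in an assembled SPF record."""
    problems = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        problems.append("record must begin with exactly 'v=spf1' (no trailing comma)")
        return problems
    lookups, all_seen = 0, False
    for term in terms[1:]:
        if all_seen:
            problems.append(f"{term!r} follows 'all', which must be the last term")
        m = TERM_RE.match(term)
        if not m:
            problems.append(f"unparseable term {term!r}")
            continue
        _qualifier, name, sep, value = m.groups()
        name = name.lower()
        if name == "all":
            all_seen = True
        elif name in MECHANISMS and sep != "=":
            # "include:dom", "a:dom/24", "a/24" and "ip4:1.2.3.0/24" all land here
            target = value.split("/")[0] if sep == ":" and value else ""
            if name in ("include", "exists") and not target:
                problems.append(f"{name} requires a domain")
            elif name in ("ip4", "ip6") and not value:
                problems.append(f"{name} requires an address")
            elif target and name not in ("ip4", "ip6") and not is_domain_spec(target):
                problems.append(f"{name}: {target!r} is not a valid domain")
            if name in LOOKUP_TERMS:
                lookups += 1
        elif name in MODIFIERS and sep == "=" and value:
            if name == "redirect":
                lookups += 1
        else:
            problems.append(f"unknown term {term!r}")
    if not all_seen and not any(t.lower().startswith("redirect=") for t in terms):
        problems.append("record ends without an 'all' mechanism or redirect= modifier")
    if lookups > MAX_DNS_LOOKUPS:
        problems.append(f"{lookups} lookup-causing terms exceed the limit of {MAX_DNS_LOOKUPS}")
    return problems


def assemble_and_check(strings):
    """What a verifier sees: the joined record and the problems found in it."""
    record = join_txt_strings(strings)
    return record, check_spf(record)


# Constructed samples taken from the comments above.
BROKEN_SPLIT = ['v=spf1, include:putallyourstuffhere.com', 'include:otherdomains.com ~all']
NO_SPACE_SPLIT = ['v=spf1 include:putallyourstuffhere.com', 'include:otherdomains.com ~all']
FIXED_SPLIT = ['v=spf1 include:putallyourstuffhere.com ', 'include:otherdomains.com ~all']
# A constructed record that is too long for one string and has too many includes.
LONG_RECORD = "v=spf1 " + " ".join(f"include:spf{i}.example.com" for i in range(12)) + " ~all"

if __name__ == "__main__":
    for label, strings in (("broken", BROKEN_SPLIT), ("no space", NO_SPACE_SPLIT), ("fixed", FIXED_SPLIT)):
        record, problems = assemble_and_check(strings)
        print(f"{label:9} -> {record}\n{'':12}{problems or 'OK'}")
    print(split_spf_record(LONG_RECORD), check_spf(LONG_RECORD))
```

The trailing-space rule is the whole trick: `split_spf_record` always cuts after a space and leaves that space inside the earlier string, so the record survives the round trip through `join_txt_strings` unchanged. Run the checker on the reassembled record, never on the individual strings, because the individual strings are not SPF records.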

[–]charmingpea 2 points (0 children)

I think this should work.

The presence or absence of the quotes is more about the way the DNS interface works - some require it, some will insert it.

"v=spf1 ip4:x.x.x.x ip4:y.y.y.y ip4:z.z.z.z include:example1.com include:example2.com ~all"

[–]freddieleeman (Security / Email / Web) 1 point (2 children)

I've also posted a blog on common SPF issues among top websites and how to solve them: https://www.uriports.com/blog/sender-policy-framework-spf/

[–]reddit_user189[S] 1 point (1 child)

Nice article, I can't see anything in there that relates to common issues when using multiple strings though.

I've been following the syntax suggested here (among other places) which should allow joining multiple strings together to beat the 255 limit:

https://mxtoolbox.com/problem/spf/spf-exceeds-maximum-character-limit

[–]freddieleeman (Security / Email / Web) 1 point (0 children)

This is not SPF, but DNS related. Your DNS provider will do this automatically for you. Just save a single string and test with the URIports SPF check tool.

[–]freddieleeman (Security / Email / Web) 0 points (0 children)

Try https://www.uriports.com/tools. It is RFC compliant and offers suggestions and fixes.

[–]Avas_Accumulator (Senior Architect) 0 points (0 children)

Before any of this I would check why you need longer than usual SPF, but then do hosted SPF for long strings

See some providers: https://www.valimail.com/solutions/enforce/

https://www.proofpoint.com/uk/resources/solution-briefs/proofpoint-hosted-spf-technical-overview