Issue: my SPF Record (TXT) can not be retrieved from the DNS entry of the domain zwischengas.com
In my DNS entry I have one line for the SPF Record (as TXT entry):
@ IN TXT "v=spf1 ip4:188.a.b.c ip4:xyz/22 ip4:xyz/24 ip4:xyz/21 ip4:xyz/24 ip4:xyz/24" "ip4:xyz ip4:xyz/22 ip4:xyz ip4:xyz/29 ip4:xyz/29 ip4:xyz/28" "ip4:xyz/24 ip4:xyz/24 a mx ?all"
I have the problem that this SPF record cannot be found, and I have no clue why. According to the RFC, splitting up a very long line into multiple strings is recommended in order to keep all substrings smaller than 255 characters.
My domain is zwischengas.com, the mail server's IP is 188.a.b.c. Does anybody have a clue?
I tried these tests without success:
host -t txt zwischengas.com
spfquery -ip-address 188.a.b.c -m [email protected] -h zwischengas.com
Also the tests with online tools are without success:
Also Google Mail (gmail.com) can not retrieve my SPF record (according to the original mail header section):
Received-SPF: neutral (google.com: 188.a.b.c is neither permitted
nor denied by best guess record for domain of
[email protected]) client-ip=188.a.b.c;
Working Solution
You can test the correctness of your SPF record by calling
A simple SPF record could look like this:
If you add IPs one after the other, you can end up in error messages from the DNS Server saying that the string is too long.
A valid solution to this is to introduce " " into it. So instead of
you would have (an example):
The " " option is described in the appropriate RFC and is accepted by all DNS Servers (what actually happens is, the " " is removed and the substrings get concatenated).
But what if you have 20 IPs? You end up in a string which is by far longer than what is allowed. What can you do?
The solution to this is called: include
An example:
You can extend that with N hierarchies. I hope this helps as it took me some time to find this out!!
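The following is an added example, not part of the original post: a small offline checker that joins the strings of a TXT record the way RFC 7208 section 3.3 specifies (in order, without adding spaces) and then validates each SPF term. The function names, the example.net include target and the sample records (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import re

MAX_STRING_OCTETS = 255  # limit for one character-string inside a TXT record

# Mechanisms and modifiers defined for SPF version 1 (RFC 7208).
_TERM = re.compile(
    r"^[+\-~?]?(all|a|mx|ptr|ip4|ip6|include|exists)([:/].*)?$"
    r"|^(redirect|exp)=.+$",
    re.IGNORECASE,
)

# Constructed samples. BROKEN has no whitespace at the string boundary,
# FIXED keeps a trailing space inside the first string.
BROKEN = ["v=spf1 ip4:192.0.2.0/24", "ip4:198.51.100.0/24 a mx ?all"]
FIXED = ["v=spf1 ip4:192.0.2.0/24 ",
         "ip4:198.51.100.0/24 include:_spf.example.net a mx ?all"]

def join_txt_strings(strings):
    """Concatenate TXT character-strings in order, inserting nothing."""
    for s in strings:
        if len(s.encode("utf-8")) > MAX_STRING_OCTETS:
            raise ValueError("character-string longer than 255 octets")
    return "".join(strings)

def check_spf(strings):
    """Return a list of problems in the joined record (empty if none)."""
    terms = join_txt_strings(strings).split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    problems = []
    for term in terms[1:]:
        if not _TERM.match(term):
            problems.append(f"unknown term: {term}")
            continue
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.IPv4Network if name == "ip4" else ipaddress.IPv6Network
            try:
                net(value, strict=False)  # host bits may be set in SPF
            except ValueError:
                problems.append(f"bad network in term: {term}")
    return problems

if __name__ == "__main__":
    print(check_spf(BROKEN))
    print(check_spf(FIXED))
```

Because the " " between the quoted strings disappears on concatenation, any separating space has to sit inside one of the strings, as in FIXED.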