
How to deal with super long SPF records

May 26, 2020 - by Zsolt Agoston - last edited on October 11, 2020

An SPF record for a domain can have a maximum length of 255 characters.

A longer record, or even one nearly that long, is not advisable: recipient servers have a harder job processing all of its elements, especially if the record contains many domain names and "include" clauses, because those trigger further DNS lookups during evaluation and make SPF checks even slower.

However, if a domain needs so many entries that its SPF record would grow beyond 255 characters, there is a way around that limitation. The trick is to split the record into multiple TXT records and add those to the actual SPF record as "include" entries.

Example

Always Hot Café has a very long SPF record, so long that recipient email servers have trouble processing it.

Original, too long version:

Domain: alwayshotcafe.com
Record type: TXT
Host: @
Value: "v=spf1 ip4:111.111.111.111/27 ip4:112.112.112.112/28 ip4:212.212.255.224/29 ip4:222.222.222.222 include:spf.protection.outlook.com include:servers.mcsv.net include:spf.messagelabs.com mx:mail.mail.com mx:lastlong.com -all"

To fix the issue, we split the record into two separate TXT records and include them in the main SPF record, as follows:

First piece:

Domain: alwayshotcafe.com
Record type: TXT
Host: spf-part1
Value: "v=spf1 ip4:111.111.111.111/27 ip4:112.112.112.112/28 ip4:212.212.255.224/29 ip4:222.222.222.222 -all"

Second piece:

Domain: alwayshotcafe.com
Record type: TXT
Host: spf-part2
Value: "v=spf1 include:spf.protection.outlook.com include:servers.mcsv.net include:spf.messagelabs.com mx:mail.mail.com mx:lastlong.com -all"

Main:

Domain: alwayshotcafe.com
Record type: TXT
Host: @
Value: "v=spf1 include:spf-part1.alwayshotcafe.com include:spf-part2.alwayshotcafe.com -all"

Once DNS propagation is done (the lower the TTL, the faster this goes), recipients will have no problem interpreting the SPF pieces as one.
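The split described above can be scripted; the following is an added example, not code from the original article. It packs mechanisms into `spf-partN` records under a length limit and counts the DNS-querying terms, since every added "include" also counts toward the 10-lookup cap of RFC 7208. The function names and the `max_len=134` used in the demo are assumptions: the article's sample record is 221 characters, so the limit is lowered only to reproduce its two-part split.

```python
import re

# Terms that cost the receiver a DNS query (RFC 7208 allows at most 10 per check).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# The article's original record (221 characters).
ORIGINAL = (
    "v=spf1 ip4:111.111.111.111/27 ip4:112.112.112.112/28 ip4:212.212.255.224/29 "
    "ip4:222.222.222.222 include:spf.protection.outlook.com include:servers.mcsv.net "
    "include:spf.messagelabs.com mx:mail.mail.com mx:lastlong.com -all"
)

def split_spf(record, domain, max_len=255, prefix="spf-part"):
    """Return {host: TXT value}; the record is returned unchanged if it fits."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    if len(record) <= max_len:
        return {"@": record}
    body, all_term = terms[1:], "-all"  # assumption: default to -all if none given
    if body and body[-1].lstrip("+-~?").lower() == "all":
        all_term = body.pop()
    parts, current = [], []
    for term in body:  # greedy packing, original order preserved
        candidate = " ".join(["v=spf1", *current, term, all_term])
        if current and len(candidate) > max_len:
            parts.append(current)
            current = []
        current.append(term)
    if current:
        parts.append(current)
    records, includes = {}, []
    for i, mechs in enumerate(parts, 1):
        records[f"{prefix}{i}"] = " ".join(["v=spf1", *mechs, all_term])
        includes.append(f"include:{prefix}{i}.{domain}")
    records["@"] = " ".join(["v=spf1", *includes, all_term])
    too_long = [host for host, value in records.items() if len(value) > max_len]
    if too_long:
        raise ValueError(f"still over {max_len} characters: {too_long}")
    return records

def lookup_terms(records):
    """Count DNS-querying terms visible in these records (nested includes not resolved)."""
    count = 0
    for value in records.values():
        for term in value.split()[1:]:
            name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
            count += name in LOOKUP_TERMS
    return count

if __name__ == "__main__":
    split = split_spf(ORIGINAL, "alwayshotcafe.com", max_len=134)
    for host, value in split.items():
        print(f"{host:10} {len(value):3} chars  {value}")
    print("lookup terms:", lookup_terms({"@": ORIGINAL}), "->", lookup_terms(split))
```

The count covers only the terms in your own records; lookups inside third-party includes such as spf.protection.outlook.com come on top of it.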

Comments

  1. Ivan Sokac says

    October 11, 2020 at 07:48

    Thank you so much for sharing this! Just a small mistake in the result (main).

    The second include should be

    include:spf-part2.alwayshotcafe.com

    if I’m not mistaken.

    Great article btw!

    • Zsolt Agoston says

      October 11, 2020 at 08:24

      Hi Ivan, you’re absolutely right, mistake is corrected, thank you for pointing it out
