Solved

Multiple spf records for the same domain name

Posted on 2010-09-03
3
1,139 Views
Last Modified: 2012-08-13
My question is as follows...

TXT records are limited to 255 characters, but what happens if your SPF record is longer? What is the right thing to do.

Is it:
[step="A" title="A"]Have separate SPF records with the same domain[/step]
OR
[step="B" title="B"]Have the first SPF record include a 2nd domain[/step]

I will give examples below

A.
yourdomain.com. IN TXT "v=spf1 ip4:<IP allocations> include:<somedomains.com> ~all"
yourdomain.com. IN TXT "v=spf1 ip4:<More IP allocations> include:<somemoredomains.com> ~all"

Open in new window



B.
yourdomain.com. IN TXT "v=spf1 ip4:<IP allocations> include:<somedomains.com> include:spf2.yourdomain.com ~all"
spf2.yourdomain.com. IN TXT "v=spf1 ip4:<More IP allocations> include:<somemoredomains.com> ~all"

Open in new window

0
Comment
Question by:jasonatspigit
  • 2
3 Comments
 
LVL 43

Accepted Solution

by:
ravenpl earned 500 total points
Comment Utility
According to http://www.openspf.org/svn/project/specs/rfc4408.txt section 4.5
You need the (B) way.
0
 

Author Comment

by:jasonatspigit
Comment Utility
I have read that section over and over again and I am not seeing what you're seeing. How does that state B is the definite solution? The site is not accessible at the moment though.
0
 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 500 total points
Comment Utility
  After the above steps, there should be exactly one record remaining
   and evaluation can proceed.  If there are two or more records
   remaining, then check_host() exits immediately with the result of
   "PermError".

IMHO the above clearly states (A) returns PermError. B should work though.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now