Do SPF and DKIM TXT records require quotes?

dns spf dkim

25,603

In the (raw) DNS zone file, the value of a TXT record needs to be enclosed in double-quotes if it contains spaces (as is often the case with SPF and DKIM records). Spaces are otherwise delimiters in the DNS Zone file.

RFC 1305 defines how values should be quoted in the Zone fine. With regards to TXT resource records:

3.3.14. TXT RDATA format
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   TXT-DATA                    /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:

TXT-DATA One or more <character-string>s.

^{[Page 20]}

<character-string> is expressed in one or two ways: as a contiguous set of characters without interior spaces, or as a string beginning with a " and ending with a ". Inside a " delimited string any character can occur, except for a " itself, which must be quoted using \ (back slash).

^{[Page 35]}

However, as mentioned in comments, you often use another tool to edit DNS records (you don't usually edit the DNS zone file directly, although WHM does give you this option). This other tool will probably handle the quotes and any additional escaping that is required to make the record valid. If you manually surround the value in quotes when submitting the value using your editor/tool then these additional quotes might be escaped and become part of the TXT record value.

Incidentally, when you do a DNS lookup, you are seeing the parsed/unquoted string value.

Further Reference:
https://en.wikipedia.org/wiki/TXT_Record
https://www.rfc-editor.org/rfc/rfc1464

25,603

Neograph734

I'm an industrial Design student from the Netherlands, who happend to develop a certain love for web development and Drupal in particular. Drupal.org profile

Updated on September 18, 2022

Comments

Neograph734 almost 2 years

I have been searching for some hours now, but multiple sources say different things.

https://support.wordfly.com/hc/en-us/articles/204767474-How-do-we-publish-DKIM-and-SPF-in-our-DNS- States I should not include quotes, whereas https://stackoverflow.com/a/9784925/1293725 reads quotes should be included in these TXT records.

These are just some examples of sources, but there are many more.

So should these records include quotes or not?
- Admin over 8 years
  
  It really depends upon your system/set-up. For example. I am assuming with wordfly you are entering your values in a web form. Using quotes in a form can really mess things up. So it is likely that the process assumes quotes and enters the values using quotes in the DNS as it should on your behalf.
- Admin over 8 years
  
  @closetnoc is correct. Whether you use quotes or not likely has more to do with the site/tool that you use to enter them.
- Admin over 8 years
  
  Thanks, I'll give it a try with quotes included first then and see if the system throws an error. I found it confusing as sources indicate spaces in TXT records make each word to be treated as an individual string and I could not figure out whether or not that was the intended behavior for SPF and DKIM. But I understand now it should be treated as one string.
- Admin almost 7 years
  
  I had quotes, moved my DNS to a new provider (Azure DNS), and SPF stopped working. Removed the quotes and everything worked again. So it depends on the provider. Make sure you verify the the record. The entity you're creating the SPF record for usually has a tool/button to do this.
Neograph734 over 8 years

Yes, after reading the comments I've found a manual on my registrar's site as well, stating the records should be entered without quotes (though I had them with quotes earlier and online validators marked them as valid so perhaps both ways worked in my case). I have switched to the recommended format of my registrar. Thanks all for the help!
lkraav almost 6 years

Yes, Cloudflare also has a specific note about quotes support.cloudflare.com/hc/en-us/articles/…
Revellion over 4 years

Where are finding this rule, "if a TXT value contains a space, it must be quoted with double quotes"? It sounds like a good rule, but whose rule is it? I cannot find anything about it in RFC 1464 or in the Wikipedia article you mentioned. (RFC 1464 mentions escaping internal double quotes, but that is different.)
Revellion over 4 years

Ah, as best I can tell this sort of escaping is is defined in RFC 1035 in Section 3.3 for the <character-string> production, and later in section 3.3.14 it specifies that TXT records have <character-string> as data and should therefore be quoted. (It also mentions this for HINFO records, whatever those are.)
MrWhite over 4 years

Yes, RFC 1305 would seem to be the place where this is defined. If you edit the raw DNS zone in WHM you are actually prompted that "you must follow the quoting and escaping conventions described in RFC 1035". I'll update my answer, thanks.