TXT vs SPF record for Google servers SPF record, either or both?


Solution 1

I realize this is a fairly old question, but in case anyone else stumbles upon it, here is what I found. It appears that the SPF record type is now obsolete. See:

Studies have shown that RRTYPE 99 has not seen any substantial use, and in fact its existence and mechanism defined in [RFC4408] has led to some interoperability issues. Accordingly, its use is now obsolete, and new implementations are not to use it.

From: https://datatracker.ietf.org/doc/html/draft-ietf-spfbis-4408bis-15#section-13.1

See also a post on cPanel's feature request forum on this topic.

Solution 2

Please read the status of RFC4408 ("Category: Experimental") and the definition of this status.

Also, from the RFC:

It is recognized that the current practice (using a TXT record) is not optimal, but it is necessary because there are a number of DNS server and resolver implementations in common use that cannot handle the new RR type.

And, after all, the SPF RR hasn't any added value compared to the TXT version.

Solution 3

I would create both, since you have that ability. After you are done, you can send an email to "[email protected]"; it will auto-respond and give you a complete diagnosis of the email you sent, letting you know if you have everything set up correctly.

Solution 4

Recently, for anyone looking into this: having both SPF and TXT records causes issues. I saw a recent issue where the TXT and SPF versions for a customer were not the same. Both being the same may be OK. The SPF was in the TXT, but all of the TXT was not in the SPF, causing SPF to not be valid.

Solution 5

As per satyenshah's Jul 19, 2017 reply to this post:

The dedicated type=SPF record never really caught on. Sender policies using type=TXT records were established too well in the early 2000's for the type=SPF record to get a foothold in the 2010's. Your authoritative DNS server probably supports publishing the SPF record, but the Internet's MX servers are satisfied querying just the TXT record.

Major services (including gmail.com and yahoo.com) only publish type=TXT record for SPF. Their administrators have figured out that the type=SPF record is unnecessary.

In most cases, there is no harm to publishing your domain's SPF policy with both record types. Two caveats:

  1. You will need to be diligent about keeping those two records manually in sync. When you update one copy of your policy record, you have to remember to update the other.
  2. Depending on your DNS server, a type=ANY query could include both TXT and SPF records in the reply, making the response larger.
    This itself has two drawbacks.
    • First, you become more susceptible to DNS amplification/reflection DDoS attacks.
    • Second, if the size of your domain's ANY response hovers right around the 512-byte threshold between UDP/TCP, then you might encounter a bug caused by an ambiguity in the RFC for the DNS protocol. That's rare, but it happens.

The network tools info bubble (if your entered domain shows an SPF record) says:

More Information About Spf Record Deprecated Hostname has returned a SPF Record that has been deprecated

The use of alternative DNS RR types that was formerly supported during the experimental phase of SPF was discontinued in 2014. SPF records must now only be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035]. See RFC 7208 for further detail on this change.

According to RFC 7208 Section 3.1: During the period when SPF was in development, requirements for assigning a new DNS RR type were more stringent than they are today and support for the deployment of new DNS RR types was not deployed in DNS servers and provisioning systems. The end result was that developers of SPF discovered it was easier and more practical to follow the TXT RR type for SPF.

Yet, I have also read some people report that they had trouble with email delivery until they added an SPF record.

That Google only provides TXT records is a good indication that having a TXT entry, alone, should work.
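The drift described in Solutions 4 and 5 (a TXT policy and a type 99 policy that no longer match) can be checked mechanically. The following is an added example, not code from any of the answers: the function names and finding labels are hypothetical, the record sets are constructed sample data, and the records are assumed to have been fetched already, each as the list of character-strings the RR carries.

```python
# Added example: audit how a domain publishes SPF, from already-fetched DNS data.
# Each record is a list of character-strings, as a TXT or type 99 RR carries them.


def spf_policies(rrset):
    """Return the SPF policies in an RRset (RFC 7208 sections 3.3 and 4.5)."""
    found = []
    for strings in rrset:
        text = "".join(strings)             # strings are joined with no separator
        version = text.split(" ", 1)[0]
        if version.lower() == "v=spf1":     # "v=spf10" or "spf2.0/pra" do not match
            found.append(text)
    return found


def audit(txt_rrset, spf99_rrset):
    """Return a list of findings (hypothetical labels) for one domain."""
    findings = []
    txt = spf_policies(txt_rrset)
    spf99 = spf_policies(spf99_rrset)
    if not txt:
        findings.append("no-txt-policy")          # RFC 7208 receivers see no SPF
    elif len(txt) > 1:
        findings.append("multiple-txt-policies")  # evaluates to permerror
    if spf99_rrset:
        findings.append("deprecated-type99-published")
        # Compare term by term so that spacing differences are not reported.
        if {tuple(p.split()) for p in txt} != {tuple(p.split()) for p in spf99}:
            findings.append("txt-and-type99-differ")
    return findings


# Constructed sample data (not taken from any real zone): the TXT policy was
# extended with a second include, the type 99 copy was never updated.
TXT_RRSET = [
    ["google-site-verification=constructed-token"],
    ["v=spf1 include:_spf.google.com ", "include:spf.mailer.example ~all"],
]
SPF99_RRSET = [["v=spf1 include:_spf.google.com ~all"]]

if __name__ == "__main__":
    for finding in audit(TXT_RRSET, SPF99_RRSET):
        print(finding)
```
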

Author by

sebastien

Updated on September 18, 2022

Comments

  • sebastien
    sebastien almost 2 years

    According to Google’s documentation, https://support.google.com/a/bin/answer.py?hl=en&answer=178723

    It clearly says Create a TXT record containing this text: v=spf1 include:_spf.google.com ~all

    Why is this not a SPF record?

    RFC4408 defines SPF records, but it seems it’s not really used https://www.rfc-editor.org/rfc/rfc4408#section-3.1.1

    Is that right? Should I create both TXT and SPF?

    Thanks

    • LazyOne
      LazyOne over 12 years
      Not many domain registrars provide tools for creating and managing actual SPF records while TXT support is quite common (just for example: popular GoDaddy). That's, of course, if you are not running your own DNS server. If you can -- create both. This will also be beneficial for services that actually support SPF records (because they first check SPF and if absent -- TXT).
  • Admin
    Admin about 10 years
    You may like to change your mind considering Dominic's answer?
  • Stoinov
    Stoinov about 9 years
    Also RFC 7208 obsoletes 4408 and states: SPF records MUST be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035] only.
  • SherylHohman
    SherylHohman over 4 years
    The tone of this post is quite unfriendly and toxic.
  • Sandeep Bhaskar
    Sandeep Bhaskar almost 3 years
    SPF record is obsolete since long ago, see RFC 7208, as indicated in other answers and comments. Anyone still publishing SPF records today is wrong.