What's the proper format for an SPF record?

Question

Querying my domain I get:

The TXT records found for your domain are:
v=spf1 ip4:50.22.72.198 a mx:wordswithfriends.net ~all

So superficially it appears OK. However I also get the following message

SPF records should also be published in DNS as type SPF records.
No type SPF records found.

I want to make sure things are absolutely airtight. So in addition to TXT records I also want a pure SPF record. However I cannot figure out the format. Placing the same text in an SPF record does not seem to work.

Edit:

At the moment I have a TXT record but not SPF record. When I cut and paste from TXT straight to SPF I get some type of crazy recursive DNS error so quickly deleted the SPF. I just want to know the correct format. Copying

v=spf1 ip4:50.22.72.198 a mx:wordswithfriends.net ~all

straight into an SPF record doesn't work.

May I just in passing praise the original poster here? This is an excellent example of why the unending tendency to redact identifying content from questions on SF is seriously annoying. If he'd edited his SPF record so it just said mx:foo.com , neither of the two cogent answers I already see below could have been posted. Yes, sometimes stuff is confidential and needs redacting, but I believe it's **way** overused around these parts, to the detriment of all. — MadHatter, Jan 28 '11 at 08:18

score 12 · Answer 1 · edited Oct 07 '21 at 06:47

12

If you are trying to add an SPF record in addition to the usual TXT record, the format is exactly the same. However, you need to use a version of BIND that supports SPF record types, i.e. 9.4.0 or later.

If your DNS software lacks support for "true" SPF records, I wouldn't worry about it. This record type is fairly new and you certainly won't need it for compatibility within the next 10 years or so. :)

edited Oct 07 '21 at 06:47

Community

1

answered Jan 28 '11 at 13:47

Martin

716
3
6

1

This is the only answer (with just one +1) that address the question!!! – Alex Angelico Sep 19 '11 at 17:57

score 8 · Accepted Answer · answered Jan 28 '11 at 08:12

That SPF record looks correct to me, mine is quite similar to that.

Where do you get the SPF error? I checked the domain from my SPF client and it says it's okay.

You can always check the syntax here http://www.openspf.org/SPF_Record_Syntax and generate a new header here http://old.openspf.org/wizard.html?mydomain=example.com&submit=Go%21

$ spfquery -i 50.22.72.198 -m test@wordswithfriends.net -h wordswithfriends.net
pass
Please see http://www.openspf.org/why.html?sender=test%40wordswithfriends.net&ip=50.22.72.198&receiver=spfquery: 50.22.72.198 contains 50.22.72.198
spfquery: domain of test@wordswithfriends.net designates 50.22.72.198 as permitted sender
Received-SPF: pass (spfquery: domain of test@wordswithfriends.net designates 50.22.72.198 as permitted sender) client-ip=50.22.72.198; envelope-from=test@wordswithfriends.net; helo=wordswithfriends.net;

+1 for the openspf.org links. It's a very clear and useful tool for creating SPF records. — Lekensteyn, Jan 28 '11 at 13:52

score 5 · Answer 3 · answered Jan 28 '11 at 08:12

5

Did you just set the spf record? if so the other side's dns server might be caching your old zone without the spf record. So just wait a day and then try.

I went to http://www.kitterman.com/spf/validate.html and you passed.

answered Jan 28 '11 at 08:12

Mike

22,310
7
56
79

What's the proper format for an SPF record?

3 Answers3