What is the difference between
v=spf1 include:_spf.google.com ~all
and
v=spf1 include:spf.google.com ~all
(the first one is with underline character in front of the spf, the second one without)
Asked
Active
Viewed 1.4k times
8
Stephane
- 6,432
- 3
- 26
- 47
Adri Brundel
- 81
- 1
- 1
- 2
2 Answers
15
spf.google.com doesn't exist, while _spf.google.com contains a valid SPF record.
In other words: only the first line will actually work (as of now).
If you search DNS for _spf.google.com you get the following result:
_spf.google.com IN TXT v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all
Google is using the _underscore addresses to hold particular DNS records. There is no particular significance to the character choice; it's just their naming convention.
0
The "include" lets your spf record include another spf record, so it basically just points to a host entry.
The tool at http://www.kitterman.com/spf/validate.html also performs lookup on includes, and will tell you in cleartext that the host spf.google.com does not exist.
Trondh
- 4,201
- 24
- 27