Common SPF Misconfigurations

We have noticed many common mistakes and misconfigurations in published SPF records. As there is no reporting when a recipient MTA rejects a record, these errors can be hard to notice and debug. Check your domain with DomainProactive to ensure your SPF record is configured correctly to maximize deliverability.

• Multiple records: Some domains publish multiple TXT records containing SPF records. This is not permitted per §3.2 of RFC 7208. This is often the result of adding a record without realizing that one already exists. In such cases, the receiving MTA may evaluate the record not intended or fail to evaluate any of them.

• Use of ptr: The ptr mechanism is deprecated and should not be used, per §5.5 of RFC 7208.

• Specifying an IP address where a domain specification is expected: This is an easy mistake to make. Consider the record, "v=spf1 +mx +ip4:54.230.227.16 +a:54.230.227.66 ~all". The administrator likely meant to use ip4 instead of a as the mechanism. The a mechanism expects a domain specification and not an IP address.

• Use of SPF type: An earlier version of the SPF protocol used records of type SPF (RR type 99) in the DNS entry for a domain. This is deprecated per §14.1 of RFC 7208 in favor of putting the SPF record in a TXT record.