Apr 1, 2019

How To Fix SPF Fail: Too Many DNS Lookups

At my day job that shall remain nameless, we use a lot of hosted platforms that are set to send out emails on our behalf. The problem comes when you create an SPF record so all these services can essentially spoof your emails!

Why would this become a problem? Well, just to give you an example, let's say you are using Office 365 for email, but you also use Salesforce and maybe some other platform. On top of that, maybe you have an internal SMTP server or servers for whatever reason. This ends up making a very long SPF DNS record!

Well, I found a really good article from the folks at Black Knight Solutions that shows you how to create large SPF records the right way:
Consider the following SPF record for 'sampledomain.com' - note that the entries are for example purposes only. 
sampledomain.com TXT
v=spf1 a mx a:mail.domain.com a:mail.domain.ie a:server5.somedomain.com a:server7.somedomain.com mx:server95.somedomain.com include:thatdomain.com ip4:192.168.0.1 ip4:192.168.0.2 ip4:192.168.03 ip4:192.168.0.4 ip4:192.168.0.04 -all

This record above is too long and needs to be shortened; you will have to split this up into two or more records and include them in the main SPF record.

Create the following SPF records on the domain name: 
spf1.sampledomain.com TXT
v=spf1 a mx a:mail.domain.com a:mail.domain.ie a:server5.somedomain.com -all 
spf2.sampledomain.com TXT
v=spf1 a:server7.somedomain.com mx:server95.somedomain.com include:thatdomain.com -all
spf3.sampledomain.com TXT
v=spf1 ip4:192.168.0.1 ip4:192.168.0.2 ip4:192.168.03 ip4:192.168.0.4 ip4:192.168.0.04 -all 
Note: You can create more records as required.

Then amend the initial SPF as follows: 
sampledomain.com TXT
v=spf1 include:spf1.sampledomain.com include:spf2.sampledomain.com include:spf3.sampledomain.com -all

Once DNS updates, all records would be read as one by recipient servers.
Essentially, you need to break up all your multiple entries into separate SPF records, then reference only those records in your top-level record! Makes sense, right?

After I did this, the error I was getting when running an SPF check tool (SPF Fail: Too Many DNS Lookups) went away!
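
A way to check the lookup count for both layouts, as an added example that is not from the original post or the Black Knight article. RFC 7208 section 4.6.4 allows at most 10 DNS-querying terms (include, a, mx, ptr, exists, redirect) per evaluation, so each include: used to split a record is itself counted. The thatdomain.com record and the shortened ip4 lists are constructed assumptions.

```python
# Terms that each cost one DNS query (RFC 7208 section 4.6.4).
# ip4, ip6 and all are answered from the record text and cost nothing.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
LOOKUP_LIMIT = 10

# Constructed zone data. The thatdomain.com record is an assumption (the page
# does not show it), and the ip4 lists are shortened since they cost nothing.
THIRD_PARTY = {"thatdomain.com": "v=spf1 ip4:203.0.113.0/24 -all"}
FLAT = {
    "sampledomain.com": "v=spf1 a mx a:mail.domain.com a:mail.domain.ie "
    "a:server5.somedomain.com a:server7.somedomain.com "
    "mx:server95.somedomain.com include:thatdomain.com "
    "ip4:192.168.0.1 ip4:192.168.0.2 -all",
    **THIRD_PARTY,
}
SPLIT = {
    "sampledomain.com": "v=spf1 include:spf1.sampledomain.com "
    "include:spf2.sampledomain.com include:spf3.sampledomain.com -all",
    "spf1.sampledomain.com": "v=spf1 a mx a:mail.domain.com a:mail.domain.ie "
    "a:server5.somedomain.com -all",
    "spf2.sampledomain.com": "v=spf1 a:server7.somedomain.com "
    "mx:server95.somedomain.com include:thatdomain.com -all",
    "spf3.sampledomain.com": "v=spf1 ip4:192.168.0.1 ip4:192.168.0.2 -all",
    **THIRD_PARTY,
}

def parse_term(term):
    """Split one SPF term into (name, target); target is None when absent."""
    term = term.lstrip("+-~?").lower()
    if term.startswith("redirect="):
        return "redirect", term.split("=", 1)[1]
    name, _, rest = term.partition(":")
    return name.split("/", 1)[0], rest.split("/", 1)[0] or None

def count_lookups(domain, zone, path=()):
    """Worst-case DNS queries for domain's record (no earlier term matches)."""
    if domain in path:
        raise ValueError(f"include loop through {domain}")
    total = 0
    for term in zone.get(domain, "v=spf1").split()[1:]:  # skip the version tag
        name, target = parse_term(term)
        if name in LOOKUP_TERMS:
            total += 1
        if name in ("include", "redirect") and target:
            total += count_lookups(target, zone, path + (domain,))
    return total

if __name__ == "__main__":
    for label, zone in (("flat", FLAT), ("split", SPLIT)):
        n = count_lookups("sampledomain.com", zone)
        print(f"{label}: {n} lookups, over limit: {n > LOOKUP_LIMIT}")
```

Running the same count against your real records, fetched with your DNS tool of choice, shows which layout stays within the limit.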

Did this help you out? Let us know in the comments!


