Working Solution
You can test the correctness of your SPF record by calling
host -t txt myhost.com
A simple SPF record could look like this:
@ IN TXT "v=spf1 ip4:244.11.23.13 a mx ?all"
If you keep adding IPs one after the other, you can end up with error messages from the DNS server saying that the string is too long.
A valid solution to this is to break the string up by inserting " " (closing quote, space, opening quote) into it.
So instead of
@ IN TXT "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13 ip4:222.11.11.13 ip4:244.182.23.191 ip4:203.101.22.13 a mx ?all"
you would have (an example):
@ IN TXT "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13" " ip4:222.11.11.13 ip4:244.182.23.191" " ip4:203.101.22.13 a mx ?all"
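The " " option is described in the appropriate RFC and is accepted by all DNS servers. What actually happens is that the " " is removed and the substrings are concatenated with nothing in between, which is why every substring after the first in the example above starts with a space.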
But what if you have 20 IPs? You end up with a string that is far longer than what is allowed. What can you do?
The solution to this is called: include
An example:
@ IN TXT "v=spf1 include:_spf1.myhost.com include:_spf2.myhost.com a mx ?all"
_spf1 IN TXT "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13 a mx ?all"
_spf2 IN TXT "v=spf1 ip4:222.11.11.13 ip4:244.182.23.191 ip4:203.101.22.13 a mx ?all"
You can extend that with N hierarchies. I hope this helps as it took me some time to find this out!!
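An added example, not part of the original post: Python code for both techniques above. split_txt breaks a long record into quoted strings of at most 255 bytes (the DNS character-string limit), and total_lookups counts the DNS-querying terms across a set of include records, which RFC 7208 caps at 10 per check. The function names are hypothetical and the 192.0.2.x addresses are constructed sample data.

```python
import re

MAX_STRING = 255   # one DNS character-string holds at most 255 bytes (RFC 1035)
MAX_LOOKUPS = 10   # cap on DNS-querying SPF terms per check (RFC 7208, 4.6.4)
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

PAGE_RECORDS = {   # the include example from the page, keyed by fully qualified name
    "myhost.com": "v=spf1 include:_spf1.myhost.com include:_spf2.myhost.com a mx ?all",
    "_spf1.myhost.com": "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13 a mx ?all",
    "_spf2.myhost.com": "v=spf1 ip4:222.11.11.13 ip4:244.182.23.191 ip4:203.101.22.13 a mx ?all",
}

def split_txt(record, limit=MAX_STRING):
    """Split one SPF record into strings of at most `limit` bytes each."""
    # Receivers join the strings with nothing in between, so each later string keeps its leading space.
    strings, current = [], ""
    for term in record.split():
        if len(term) + 1 > limit:
            raise ValueError(f"term does not fit in one string: {term}")
        piece = term if not current else " " + term
        if len(current) + len(piece) > limit:
            strings.append(current)
            current = " " + term
        else:
            current += piece
    return strings + [current]

def lookup_terms(record):
    """Return (count, targets): DNS-querying terms and include/redirect targets."""
    count, targets = 0, []
    for term in record.split()[1:]:          # skip the v=spf1 version tag
        name, *rest = re.split("[:=/]", term.lstrip("+-~?"), maxsplit=1)
        if name in LOOKUP_TERMS:
            count += 1
            if name in ("include", "redirect"):
                targets.extend(rest)
    return count, targets

def total_lookups(records, domain, path=()):
    """Worst-case lookup count for `domain`, following include and redirect."""
    if domain in path or domain not in records:
        return 0
    count, targets = lookup_terms(records[domain])
    return count + sum(total_lookups(records, t, path + (domain,)) for t in targets)

if __name__ == "__main__":
    long_record = "v=spf1 " + " ".join(f"ip4:192.0.2.{i}" for i in range(1, 21)) + " ?all"  # constructed
    print("@ IN TXT " + " ".join(f'"{s}"' for s in split_txt(long_record)))
    print("lookups used:", total_lookups(PAGE_RECORDS, "myhost.com"), "of", MAX_LOOKUPS)
```

Run on the include example above, total_lookups shows that the a and mx terms repeated in _spf1 and _spf2 count against the limit as well, so every extra include level spends part of the same budget of 10.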