I've been dealing with some domain spoofing issues and while trying to secure things, I've found that SPF validators keep claiming I don't have a -ALL at the end of my long SPF record. My record has numerous lines of ip4 entries due to multiple includes and flattening, but despite having -all at the very end of the last entry, the validators only seem to return the first group of IPs. I attempted to add spaces instead of new lines, but that led to validators failing because they saw two IP addresses as connected. What am I missing with this SPF formatting?
3 Answers
Another article you might want to look at is also talking about this. Make sure your SPF record is properly formatted to prevent entries from being combined incorrectly!
I totally get your frustration! Have you checked the guide from AWS on configuring long SPF records? It suggests keeping spaces between IP groups, but that doesn't seem to work for you?
Yes, I did check that guide and followed it, but when I add spaces, the validators just ignore those and combine IPs. It's really confusing!
It sounds like you're facing issues with DNS lookups affecting your SPF record. If you have a lot of includes, consider flattening the SPF record into a simple list of IPs. That could help with the validation.
I tried flattening it, but the validators still only show the first group of IPs and miss the -all part.
I checked that article too, but it leads back to the same formatting issue. The validators continue to flag it as invalid.