I noticed today that my SPF record has been distributed so the main record contains includes like _spfcf1, _spfcf2 etc. up to _spfcf12. Then those records contain IP values that used to be part of the main SPF record. Looking at the Audit Log area these records were created on April 17th and 18th by a Cloudflare user.
We are using Cloudflare’s beta DMARC system which has me wondering if that tool is auto-adjusting our SPF record.
I’m now struggling to understand how to maintain our SPF record. Luckily I have the value from before this change and I plan to delete these new records and install the old record.
My searches in this community and in Google for _spfcf1 didn’t turn up information about this feature.
Does anyone else have records like this? Any advice on how best to manage a complex SPF record in Cloudflare if it’s going to get split out like this?
Note: I’m writing “SPF” instead of SPF because this forum automatically links the acronym to a help topic and then rejects my post because it contains too many links.
Welcome to the Cloudflare Community.
I am not a fan of the action, but Cloudflare will flatten SPF records when they are managed. I don’t know if avoiding the use of the Mark as approved or Mark as unapproved setting is sufficient to prevent this.
SPF flattening is done automatically as needed when SPF records are changed by Cloudflare DMARC Management.
That is very interesting, thank you. We are using the DMARC Management service and it seems possible that an action was taken in there to adjust our SPF.
The surprising thing is that these changes made our records invalid, moving them from 9 NS lookups to 19 NS lookups. I’ve read that makes them invalid and it’s up to mail recipients to decide whether to respect them when they are invalid due to excessive lookups.
I expect them to fail in that condition, since that is what the RFC requires.
That’s my impression as well, but then it seems like a pretty big bug for Cloudflare’s service to make the record invalid.
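The lookup limit discussed in this thread, as an added example that is not part of any post above and is not Cloudflare's code: RFC 7208 section 4.6.4 caps the terms that trigger DNS queries (include, a, mx, ptr, exists, redirect) at 10 per evaluation, and exceeding the cap yields permerror. The zone data and every domain name below are constructed, and the count is a static worst case that does not model macros, void lookups or the per-mx address limit.

```python
# Added example: count the DNS-querying SPF terms that RFC 7208 4.6.4 limits to 10.
# ZONE is constructed sample data standing in for live TXT lookups.
LIMIT = 10
QUERY_MECHS = {"a", "mx", "ptr", "exists", "include"}

ZONE = {
    "example.com": "v=spf1 mx include:_spf.mail.example.net "
                   + " ".join(f"include:_spfcf{i}.example.com" for i in range(1, 13))
                   + " ~all",
    "_spf.mail.example.net": "v=spf1 ip4:198.51.100.0/24 a:out.example.net ~all",
}
for i in range(1, 13):  # flattened records holding only IP values
    ZONE[f"_spfcf{i}.example.com"] = f"v=spf1 ip4:203.0.113.{i} ~all"

def count_lookups(domain, zone, seen=frozenset()):
    """Return how many DNS-querying terms are reachable from domain's SPF record."""
    if domain in seen:
        raise ValueError(f"include loop at {domain}")
    seen = seen | {domain}  # per-path set, so sibling includes are not false loops
    record = zone.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return 0  # the query for this name was already counted by the caller
    total = 0
    for term in record.split()[1:]:
        term = term.lower().lstrip("+-~?")  # drop the qualifier
        if term.startswith("redirect="):
            total += 1 + count_lookups(term[len("redirect="):], zone, seen)
            continue
        name, _, arg = term.partition(":")
        name = name.split("/")[0]  # "a/24" and "mx/24" carry a CIDR suffix
        if name not in QUERY_MECHS:
            continue  # ip4, ip6, all and exp= cost no lookup
        total += 1
        if name == "include" and arg:
            total += count_lookups(arg, zone, seen)
    return total

def check(domain, zone):
    """Return (lookup_count, 'ok' or 'permerror') for domain."""
    n = count_lookups(domain, zone)
    return n, ("permerror" if n > LIMIT else "ok")

if __name__ == "__main__":
    print(check("example.com", ZONE))
```

In the constructed zone, the twelve flattened includes contain only IP values, yet each include still costs one lookup, so the includes alone exceed the limit.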