SPF and 255 string limit - how to create separate strings?

My current DNS TXT record for SPF is close to 255 characters, and I need to add one more entry. If I can break the record into separate strings (each of which is less than 255 characters) it will be compliant. But how do I do that?

Strings are indicated by “characters in double quotes” but Cloudflare DNS hides these quotes. Do I just manually add the double quotes?

For example, instead of having this single string:
TXT value: v=spf1 ip4:192.168.1.1 include:mailsendingdomain.com -all

I would need to break it into two strings using the double quotes:
TXT value: "v=spf1 ip4:192.168.1.1" " include:mailsendingdomain.com -all"

Thanks!

Try without.


Have to admit I haven’t encountered this, but as far as the source from here:

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html#TXTformat-limits

I tried to enter the same, multiple values inside one TXT record (haven’t used this before), and it looks like it accepts it on the DNS tab and works.

Either way, it’s not my practice to combine multiple ones into one (like a DKIM selector, etc.), while the longest character count I have had for an SPF (TXT) record was near 200 characters due to IPs and +include.


mydomain.com. TXT 300 "google-site-verification=rXOxyZounnZasA8Z7oaD3c14JdjS9aKSWvsR1EbUSIQ"
"v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
"spf2.0/pra include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all"
"v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeIhtCv3vUinyhKiKtZ8efjHGGo8gE1T+o7gLrvo6yRtdz9ICe6Fz5sgz0WYFW5nCV4DmaTcS25TfgWKsLgg"
QUESTION
mydomain.com. IN TXT
ANSWER
mydomain.com. 300 IN TXT "\"google-site-verification=rXOxyZounnZasA8Z7oaD3c14JdjS9aKSWvsR1EbUSIQ\"\"v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all\"\"spf2.0/pra include:spf1.amazon.com include:spf2.amazon.com include:amazonses.co" "m -all\"\"v=DKIM1k=rsap=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeIhtCv3vUinyhKiKtZ8efjHGGo8gE1T+o7gLrvo6yRtdz9ICe6Fz5sgz0WYFW5nCV4DmaTcS25TfgWKsLgg\""

That’s unexpected. Have you run it through dmarcian.com to see if it passes?


Ah, now I see what you’re trying to do. Cloudflare doesn’t set that limit, so it’s a generic DNS issue for SPF. Here’s a guide:


True :+1:, it’s not valid having it combined like that.


Interesting, I also noticed that you didn’t put any spaces between the strings. So "string one" "string two" would be read as "string onestring two" - what I’ve seen online is adding the extra space inside the quotes, like "string one" " string two" - but it seems like it’s adding some \ breaks which I don’t think I’d want in the record.

Is there another way to implement this multiple string approach in Cloudflare’s DNS?

It looks like Cloudflare does two things: 1) adds another set of redundant double quotes, one at the beginning and one at the end, and 2) uses the backslash \ to indicate the presence of the double quotes I added in.

Is the TXT file still compliant for SPF purposes with those extra quotes and backslashes?

Reached out to Cloudflare Support and got an answer.

It turns out that Cloudflare will automatically break strings in TXT files into separate strings if they exceed 255 characters (actually seems to keep them at 245 characters). You don’t have to do anything but put in the content. Cloudflare will add the double quotes for you to keep all string lengths compliant with standards.

So, for example, I created a test TXT file with the following content:
1234567890a 123456789b 1234567890c 1234567890d 1234567890e 1234567890f 1234567890g 1234567890h 1234567890i 1234567890j 1234567890k 1234567890l 1234567890m 1234567890n 1234567890o 1234567890p 1234567890q 1234567890r 1234567890s1234567890t 1234567890u 1234567890v 1234567890w 1234567890x 1234567890y 1234567890z

When I did a dig on this record, here’s what came back for the content of the TXT record:
"1234567890a 123456789b 1234567890c 1234567890d 1234567890e 1234567890f 1234567890g 1234567890h 1234567890i 1234567890j 1234567890k 1234567890l 1234567890m 1234567890n 1234567890o 1234567890p 1234567890q 1234567890r 1234567890s 1234567890t 1234567890u 1234" "567890v 1234567890w 1234567890x 1234567890y 1234567890z"

You’ll notice that in the middle of the 1234567890v string is where Cloudflare breaks up the content with double quotes (…1234" "567890v…) and so creates two separate strings.

Posting this here in case it’s helpful for someone else.
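An added example (my own code, not from Cloudflare or any poster in this thread) that shows the mechanics discussed above: it parses the quoted-string form dig prints, joins the strings the way an SPF evaluator does (nothing inserted between them, so a missing leading space runs two strings together), splits a long value into 255-byte strings the way Cloudflare does automatically, and checks the joined record. The 255-byte per-string limit is from RFC 1035 and the 450-byte total is the RFC 7208 recommendation; the sample records in the comments and test are constructed.

```python
MAX_STRING = 255        # RFC 1035: a <character-string> has a single length octet
RECOMMENDED_TOTAL = 450 # RFC 7208 s3.4: keep the whole record small enough for a UDP reply

def parse_presentation(rdata):
    """Parse dig-style TXT RDATA ("str" "str" ...) into its strings, resolving \\" and \\DDD."""
    strings, i, n = [], 0, len(rdata)
    while i < n:
        if rdata[i].isspace():
            i += 1
            continue
        if rdata[i] != '"':
            raise ValueError(f"expected '\"' at offset {i}")
        i, buf = i + 1, []
        while i < n and rdata[i] != '"':
            if rdata[i] == "\\":
                if i + 1 >= n:
                    raise ValueError("dangling backslash")
                if len(rdata[i + 1:i + 4]) == 3 and rdata[i + 1:i + 4].isdigit():
                    buf.append(chr(int(rdata[i + 1:i + 4])))  # \DDD decimal escape
                    i += 4
                else:
                    buf.append(rdata[i + 1])                   # \" or \\ escape
                    i += 2
            else:
                buf.append(rdata[i])
                i += 1
        if i >= n:
            raise ValueError("unterminated quoted string")
        strings.append("".join(buf))
        i += 1  # skip the closing quote
    return strings

def split_txt(value, limit=MAX_STRING):
    """Cut an ASCII TXT value into <=limit-byte strings, as Cloudflare does for you.
    The cut may fall inside a token: resolvers join the pieces with nothing in between."""
    data = value.encode("ascii")
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]

def check_spf(strings):
    """Join the strings as an SPF evaluator would (RFC 7208 s3.3) and list problems."""
    problems = [f"string #{k} exceeds {MAX_STRING} bytes"
                for k, s in enumerate(strings) if len(s.encode("ascii")) > MAX_STRING]
    joined = "".join(strings)
    if not joined.lower().startswith("v=spf1"):
        problems.append("joined record does not start with v=spf1, so it is not an SPF record")
    if len(joined.encode("ascii")) > RECOMMENDED_TOTAL:
        problems.append(f"joined record exceeds {RECOMMENDED_TOTAL} bytes")
    return joined, problems
```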

