Why Can’t ISPs Handle SPF Records?

I’m always appalled when I need to setup a Sender Policy Framework (SPF) record using ISP zone file editors.

It took ThePlanet (now owned by IBM/SoftLayer) 5 years to fix their web interface to handle valid SPF records (re-edit and save) – and that’s *after* I reported the bug.

I had to make an official visit to their CEO as their #109th largest customer to actually get somebody to look at the ticket. Their engineering staff was in disbelief, until they actually tested it and said, “Oops!” 🙂

GoDaddy currently has 3 oddities in their new and classic DNS zone editor web programs:

  1. the SPF wizard does not show double quotes, required for records with spaces, as all SPF records have. It silently inserts the quotes, doubling them if you also add them, causing an invalid record.
  2. their SPF wizard wildly flails around, making the longest SPF records I’ve ever seen. That means problems, like more DNS lookups and possibly truncation issues
  3. it refuses to allow domain names in the left-hand column, forcing the origin (@ symbol). That works for most people, but I hope you’re not the exception.

Can you spot more bugs? 🙂

Register.com’s new zone editor UI for their partner site, rcomexpress.com, removed the TTL option. The default is now 60 minutes, with no way to change that. I have a feeling they wanted to make a mobile-friendly simpler UI.

Notes:

  • Regarding #3, for those people not familiar with SPF, rules apply to domain names and subdomain names, usually mydomain.com or mail.mydomain.com, the latter of which @ will not match.
  • SPF clients match the SPF or TXT record with the FQDN in the Return-Path header. If you don’t want to add a SPF record for each host (like www0 and www1), then email server masquerading can be used. In sendmail, that’s
    FEATURE(masquerade_envelope)dnl

openspf.org: Common mistakes when creating an SPF record

This entry was posted in Open Source, Tech. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.