Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

SPF TXT lookup limit RFC 7208 4.6.4

Go to solution
AP15
Altostratus
Altostratus

‎10-Jul-2023 19:28

Can someone please confirm best way to include more DNS lookup within SPF record. How does F5 implementation work for 10+ lookup records? 

Labels:
2 ACCEPTED SOLUTIONS

Go to solution
Leslie_Hubertus
Community Manager
Community Manager

‎17-Jul-2023 13:28

Hi @AP15  - FYI - I've floated this post to the top of the forum for now, to give your post more visibility and a higher chance of getting an answer from the community. 

View solution in original post

Go to solution
JRahm
Community Manager
Community Manager

‎25-Jul-2023 09:07

Hi @AP15 ... max 10 is the standard, you'll break SPF and bad things will happen, so you don't want to do that. However, there are ways to work around the issue. Check out autoSPF and analyze any domain and it will give you pointers. For example, the F5.com domain has a query count of 5/10, which they offer a solution to reduce to 2/10 by sharding the load like so:

 

f5.com spf:
v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip4:72.3.185.0/24 ip4:166.78.68.0/22 ip4:104.219.104.14 ip4:104.219.105.14 ip4:104.219.106.14 ip4:104.219.107.14 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:209.61.151.0/24 ip4:198.61.254.0/23 ip4:23.253.182.0/23 ip4:104.130.96.0/28 ip4:68.233.68.14/32 ip4:146.20.112.0/26 ip4:146.20.113.0/24 ip4:146.20.191.0/24 include:_spf0000000.f5.com -all

_spf0000000.f5.com spf:
v=spf1 ip4:199.15.212.0/22 ip4:94.236.119.0/26 ip4:185.28.196.0/22 ip4:192.28.128.0/18 ip4:192.237.158.0/23 ip4:50.23.218.192/27 ip4:174.37.226.64/27 ip4:184.173.105.0/24 ip4:184.173.153.0/24 ip4:159.135.224.0/20 ip4:37.188.97.188/32 ip4:103.237.104.0/22 ip4:130.248.172.0/24 ip4:130.248.173.0/24 ip4:173.193.210.32/27 ip4:208.43.239.136/30 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/50 include:_spf0000001.f5.com -all

_spf0000001.f5.com spf:
v=spf1 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 exists:%{i}.spf.hc5801-97.iphmx.com exists:%{i}._spf.mta.salesforce.com -all

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

View solution in original post

2 REPLIES 2

Go to solution
Leslie_Hubertus
Community Manager
Community Manager

‎17-Jul-2023 13:28

Hi @AP15  - FYI - I've floated this post to the top of the forum for now, to give your post more visibility and a higher chance of getting an answer from the community. 

Go to solution
JRahm
Community Manager
Community Manager

‎25-Jul-2023 09:07

Hi @AP15 ... max 10 is the standard, you'll break SPF and bad things will happen, so you don't want to do that. However, there are ways to work around the issue. Check out autoSPF and analyze any domain and it will give you pointers. For example, the F5.com domain has a query count of 5/10, which they offer a solution to reduce to 2/10 by sharding the load like so:

 

f5.com spf:
v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip4:72.3.185.0/24 ip4:166.78.68.0/22 ip4:104.219.104.14 ip4:104.219.105.14 ip4:104.219.106.14 ip4:104.219.107.14 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:209.61.151.0/24 ip4:198.61.254.0/23 ip4:23.253.182.0/23 ip4:104.130.96.0/28 ip4:68.233.68.14/32 ip4:146.20.112.0/26 ip4:146.20.113.0/24 ip4:146.20.191.0/24 include:_spf0000000.f5.com -all

_spf0000000.f5.com spf:
v=spf1 ip4:199.15.212.0/22 ip4:94.236.119.0/26 ip4:185.28.196.0/22 ip4:192.28.128.0/18 ip4:192.237.158.0/23 ip4:50.23.218.192/27 ip4:174.37.226.64/27 ip4:184.173.105.0/24 ip4:184.173.153.0/24 ip4:159.135.224.0/20 ip4:37.188.97.188/32 ip4:103.237.104.0/22 ip4:130.248.172.0/24 ip4:130.248.173.0/24 ip4:173.193.210.32/27 ip4:208.43.239.136/30 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/50 include:_spf0000001.f5.com -all

_spf0000001.f5.com spf:
v=spf1 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 exists:%{i}.spf.hc5801-97.iphmx.com exists:%{i}._spf.mta.salesforce.com -all

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
Copyright © 2023 Khoros, LLC