SPF Record Deprecated The DNS record type 99 (SPF) has been deprecated

  • 1
  • Problem
  • Updated 1 year ago
  • Not a Problem
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: EOL Clean up

Your SPF record for e2ma.net is causing spf=fail.


https://mxtoolbox.com/SuperTool.aspx?action=spf%3ae2ma.net&run=toolpage

SPF Record DeprecatedThe DNS record type 99 (SPF) has been deprecated

More Information About Spf Record Deprecated


Hostname has returned a SPF Record that has been deprecated

The use of alternative DNS RR types that was formerly supported during the experimental phase of SPF was discontinued in 2014. SPF records must now only be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035]. See RFC 7208 for further detail on this change.

According to RFC 7208 Section 3.1: During the period when SPF was in development, requirements for assigning a new DNS RR type were more stringent than they are today and support for the deployment of new DNS RR types was not deployed in DNS servers and provisioning systems. The end result was that developers of SPF discovered it was easier and more practical to follow the TXT RR type for SPF.

Photo of JH

JH

  • 1 Post
  • 0 Reply Likes

Posted 1 year ago

  • 1
Photo of Art Quanstrom

Art Quanstrom

  • 4 Posts
  • 1 Reply Like
Hi! For our sending domain, e2ma.net, we publish two records for SPF:
  1. We publish SPF in the TXT record of e2ma.net's DNS. This is the more modern approach recognized by most servers we send mail to.
  2. We publish the SPF record type (99). Just because it's best practice to store SPF in your TXT record, you can't expect the entire Internet to be accurate. Since we know that some servers may not be up to date and may still be looking for the SPF record type, we keep it around. Maybe we'll remove that one day, but for now, we have good reason to keep it around.
Everything appears to be working just fine on our end, but if your server is reporting an error, you may want to ensure that it's querying DNS properly to authenticate incoming messages.
Take care,Art

Art QuanstromDeliverability and Compliance Lead | Emma