Combining 2 Hosts for TXT SPF Records

Question

Related to that question from @Jaeho Lee, Someone figured out a solution for the Host issue when you combined the two spf records? I am having the same issue; if so, can someone please advise?

I have combined 2 spf records, as listed below in #3. However, I receive an error because I am unsure how to list 2 Hosts in the TXT record. Does anyone know how to address this, any solution?

1. v=spf1 include:_spf.google.com ~all

2. v=spf1 include:sendgrid.net ~all

3. v=spf1 include:_spf.google.com include:sendgrid.net ~all

How do I include both Hosts names for google and sendgrid? Any information would be helpful. Thx!

Answer 1

Multiple include directives in an SPF record are allowed, so v=spf1 include:_spf.google.com include:sendgrid.net ~all is valid syntax and should exactly do what you intend.

But with records containing include: directives the receiver will quite easily run into the following limit set in RFC 4408 §10.1

SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier

Both the Sendgrid and Google SPF records each contain additional include: directives so you might be reaching that limit.

For illustration:

_spf.google.com.    300 IN  TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"

That triggers 3 additional lookups in addition to the lookup for _spf.google.com.

and

sendgrid.net.       90  IN  TXT "v=spf1 ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 ip4:159.183.0.0/16 include:ab.sendgrid.net ~all"

also triggers an additional lookup.