0

Related to that question from @Jaeho Lee, Someone figured out a solution for the Host issue when you combined the two spf records? I am having the same issue; if so, can someone please advise?

I have combined 2 spf records, as listed below in #3. However, I receive an error because I am unsure how to list 2 Hosts in the TXT record. Does anyone know how to address this, any solution?

  1. v=spf1 include:_spf.google.com ~all

  2. v=spf1 include:sendgrid.net ~all

  3. v=spf1 include:_spf.google.com include:sendgrid.net ~all

How do I include both Hosts names for google and sendgrid? Any information would be helpful. Thx!

3
  • Those are for the same domain? Not that sendgrid is for subdomain.domain.com and Google is for domain.com
    – Turdie
    Commented Jan 26 at 13:03
  • 1
    Your syntax is correct, a SPF record can have multiple include statements.
    – Massimo
    Commented Jan 26 at 13:04
  • Google for google workspace for our domain, sendgrid is to send via our CRM. The two Hosts are: @ and em8676, but I receive an error message when trying to list both hosts in the txt record.
    – bgbran
    Commented Jan 26 at 13:29

1 Answer 1

1

Multiple include directives in an SPF record are allowed, so v=spf1 include:_spf.google.com include:sendgrid.net ~all is valid syntax and should exactly do what you intend.

But with records containing include: directives the receiver will quite easily run into the following limit set in RFC 4408 §10.1

SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier

Both the Sendgrid and Google SPF records each contain additional include: directives so you might be reaching that limit.

For illustration:

_spf.google.com.    300 IN  TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"

That triggers 3 additional lookups in addition to the lookup for _spf.google.com.

and

sendgrid.net.       90  IN  TXT "v=spf1 ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 ip4:159.183.0.0/16 include:ab.sendgrid.net ~all"

also triggers an additional lookup.

2
  • 1
    As an aside, I use this site to check SPF records. It shows the entire SPF lookup "tree" including nested lookups. - easydmarc.com/tools/spf-lookup
    – joeqwerty
    Commented Jan 26 at 14:51
  • Thank you @HBruijn
    – bgbran
    Commented Jan 26 at 15:04

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .