Tags: dns, spf, phishing

Records cannot be found


Issue: my SPF record (TXT) cannot be retrieved from the DNS entry of the domain zwischengas.com.
In my DNS entry I have one line for the SPF record (as a TXT entry):

@  IN TXT "v=spf1 ip4:188.a.b.c ip4:xyz/22
ip4:xyz/24 ip4:xyz/21 ip4:xyz/24 ip4:xyz/24" "ip4:xyz ip4:xyz/22
ip4:xyz ip4:xyz/29 ip4:xyz/29 ip4:xyz/28" "ip4:xyz/24 ip4:xyz/24 a mx
?all"

I have the problem that this SPF record cannot be found, and I have no clue why. According to the RFC, splitting a very long line into multiple strings is recommended in order to keep all substrings shorter than 255 characters.

My domain is zwischengas.com, the mail server's IP is 188.a.b.c. Does anybody have a clue?

I tried these tests without success:

host -t txt zwischengas.com
spfquery -ip-address 188.a.b.c -m test@zwischengas.com -h zwischengas.com

The tests with online tools were also without success:

Google Mail (gmail.com) also cannot retrieve my SPF record (according to the original mail header section):

Received-SPF: neutral (google.com: 188.a.b.c is neither permitted
nor denied by best guess record for domain of
noreply1@zwischengas.com) client-ip=188.a.b.c;

Solution

  • Working Solution

    You can test the correctness of your SPF record by calling

    host -t txt myhost.com

    A simple SPF record could look like this:

    @ IN TXT "v=spf1 ip4:244.11.23.13 a mx ?all"

    If you add IPs one after the other, you can end up with error messages from the DNS server saying that the string is too long.
    A valid solution to this is to introduce " " into it.

    So instead of

    @  IN TXT "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13 ip4:222.11.11.13 ip4:244.182.23.191 ip4:203.101.22.13 a mx ?all"

    you would have (an example):

    @ IN TXT "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13" " ip4:222.11.11.13 ip4:244.182.23.191" " ip4:203.101.22.13 a mx ?all"

    The " " option is described in the appropriate RFC and is accepted by all DNS servers (what actually happens is that the " " is removed and the substrings are concatenated).

    But what if you have 20 IPs? You end up with a string which is by far longer than what is allowed. What can you do?

    The solution to this is called: include

    An example:

    @ IN TXT "v=spf1 include:_spf1.myhost.com include:_spf2.myhost.com a mx ?all"
    _spf1 IN TXT "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13 a mx ?all"
    _spf2 IN TXT "v=spf1 ip4:222.11.11.13 ip4:244.182.23.191 ip4:203.101.22.13 a mx ?all"

    You can extend that with N hierarchies. I hope this helps, as it took me some time to find this out!
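The two points the answer makes (a receiver concatenates the quoted strings of one TXT record with no separator, and include: moves the addresses into separate records) can be checked offline before a record is published. The script below is an added example and is not code from the question or the answer; it uses a constructed in-memory zone with hypothetical host names (broken.example, split.example, example.com and its _spf1/_spf2 sub-records) and RFC 5737 documentation addresses instead of real DNS. It reproduces the shape of the record in the question (no space at the string boundary), the answer's two fixes, and the RFC 7208 limits a receiver enforces (255 bytes per string, at most 10 lookup-causing terms across the include tree).

```python
"""Offline SPF sanity check: TXT string concatenation and include: resolution."""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed zone data (hypothetical hosts, RFC 5737 documentation addresses).
# hostname -> list of TXT RRs; each RR is the list of its <character-string>s.
ZONE: Dict[str, List[List[str]]] = {
    # Same shape as the record in the question: no space at the string boundary.
    "broken.example": [[
        "v=spf1 ip4:192.0.2.1 ip4:198.51.100.0/24",
        "ip4:203.0.113.0/24 a mx ?all",
    ]],
    # The answer's first fix: every continuation string starts with a space.
    "split.example": [[
        "v=spf1 ip4:192.0.2.1 ip4:198.51.100.0/24",
        " ip4:203.0.113.0/24 a mx ?all",
    ]],
    # The answer's second fix: include: terms pointing at sub-records.
    "example.com": [["v=spf1 include:_spf1.example.com include:_spf2.example.com a mx ?all"]],
    "_spf1.example.com": [["v=spf1 ip4:192.0.2.1 ip4:198.51.100.0/24 ?all"]],
    "_spf2.example.com": [["v=spf1 ip4:203.0.113.0/24 ?all"]],
}

MAX_CHARACTER_STRING = 255  # byte limit of one <character-string> in a TXT RR
MAX_DNS_LOOKUPS = 10        # RFC 7208 4.6.4: include/a/mx/ptr/exists/redirect budget
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}


def join_txt(strings: List[str]) -> str:
    """RFC 7208 3.3: a receiver joins the strings of one TXT RR with NO separator."""
    return "".join(strings)


def lint(strings: List[str]) -> List[str]:
    """Report defects that stop a record from being usable once published."""
    problems = []
    for i, s in enumerate(strings):
        if len(s.encode()) > MAX_CHARACTER_STRING:
            problems.append(f"string {i} is {len(s.encode())} bytes, limit is {MAX_CHARACTER_STRING}")
    for term in join_txt(strings).split():
        # A mechanism name glued onto the previous term means a space was lost at a boundary.
        if re.search(r"\S(?:ip4|ip6|include):", term):
            problems.append(f"term {term!r} is two terms fused at a string boundary")
    return problems


def spf_record(host: str) -> Optional[str]:
    """Return the host's single v=spf1 TXT record after concatenation, else None."""
    found = [join_txt(rr) for rr in ZONE.get(host, [])
             if join_txt(rr).lower().startswith("v=spf1")]
    return found[0] if len(found) == 1 else None


def resolve(host: str, lookups: List[int]) -> list:
    """Flatten ip4/ip6 terms, following include: and redirect= recursively and
    charging every lookup-causing term against the shared budget in lookups[0]."""
    record = spf_record(host)
    if record is None:
        raise ValueError(f"{host}: no single v=spf1 record found")
    nets = []
    for term in record.split()[1:]:
        mech = term.lstrip("+-~?")  # the qualifier does not matter for flattening
        name, _, arg = mech.partition(":")
        if mech.startswith("redirect="):
            name, arg = "redirect", mech.split("=", 1)[1]
        if name in ("ip4", "ip6"):
            nets.append(ipaddress.ip_network(arg, strict=False))  # ValueError on a fused term
        elif name in LOOKUP_TERMS or name == "redirect":
            lookups[0] += 1
            if lookups[0] > MAX_DNS_LOOKUPS:
                raise ValueError("more than 10 lookup terms: receivers return permerror")
            if name in ("include", "redirect"):
                nets.extend(resolve(arg, lookups))
    return nets


def flatten(host: str) -> Tuple[list, int]:
    """Return (networks, number_of_dns_lookups) for the host's whole include tree."""
    lookups = [0]
    return resolve(host, lookups), lookups[0]


def authorised(host: str, ip: str) -> bool:
    """True if ip is covered by an ip4/ip6 term in the tree (a/mx are not resolved offline)."""
    return any(ipaddress.ip_address(ip) in net for net in flatten(host)[0])


if __name__ == "__main__":
    for h in ("broken.example", "split.example"):
        print(h, "->", repr(spf_record(h)), lint(ZONE[h][0]) or "ok")
    nets, n = flatten("example.com")
    print("example.com flattens to", [str(x) for x in nets], "using", n, "DNS lookups")
```

Running it shows why the record in the question fails: broken.example concatenates to a term `ip4:198.51.100.0/24ip4:203.0.113.0/24`, which no receiver can parse, while split.example yields the same addresses as the include-based example.com. The lookup counter is the check to keep when extending the include tree with "N hierarchies": each include, a, mx, ptr, exists and redirect term costs one of the ten lookups a receiver allows, and exceeding that turns the whole record into a permerror rather than a pass.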