Real SPF record not as a TXT

MarkerB

Hello :)

I found the following URL to help explain why TXT records are used:

HOWTO - Define an SPF Record

Thank you.

The original poster's question is still valid, and it's something I've also been wondering for some time. I thought cPanel was just taking a little longer to implement, but didn't think until now that they might be entirely ignoring the specification. The use of TXT records for SPF information was meant for transitional use, and by now many SPF validation tools report a warning if a real SPF record is not available. Is cPanel specifically choosing to not support native Sender Policy Framework records many years after it was implemented?
 

cPanelMichael

Administrator
Staff member
A feature request was opened for the inclusion of a direct SPF record (instead of a TXT entry) and here is the response sent:

Kenneth Power Posted 5 months ago

For SPF, the TXT RR should be used. SPF records are deprecated by the IETF and not recommended for use. Please see draft-ietf-spfbis-4408bis-20 - Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1 and draft-ietf-spfbis-4408bis-20 - Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1

DKIM keys longer than 2048 bits must be split into multiple fields. This is a limitation of the spec for TXT records.
 

ateks

Could you confirm what you are seeking an update on?

Thank you.

I believe this is in response to the OP's question. I too would like to know if this is being looked at.

The post regarding deprecation is old and the IETF specifies that both an SPF and TXT record are recommended (see RFC 4408 Section 3.1.1 which specifies that domains "SHOULD have SPF records of both RR types"). Indeed, many mail engines do not even issue an SPF pass unless a true SPF record has been published. Feel free to argue that this is bad practice (and I wouldn't disagree) but it doesn't change anything; true SPF records ARE important. In recent months, I've noticed the number of mail engines requiring a true SPF record increasing. From my latest experiences over the last week, even Gmail does not always issue an SPF pass without a true SPF record.
 

cPanelMichael

Administrator
Staff member
I do want to point out the most recent comment:

cPanelDon Posted 1 week ago

The DNS TXT resource record type facilitates valid SPF records. Using the DNS SPF RR type is not recommended nor required for publishing valid SPF records.

Section 3.1 of RFC 7208 states "SPF records MUST be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035] only. The character content of the record is encoded as [US-ASCII]. Use of alternative DNS RR types was supported in SPF's experimental phase but has been discontinued."

Reference: RFC 7208 - Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1

I'll try to get that request opened again so you can add additional feedback.

Thanks.
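
An added example (not written by any poster or by cPanel): how a verifier following the RFC 7208 text quoted above picks a domain's SPF policy from TXT (type 16) data only, ignoring the retired type 99, and how a long value such as a DKIM key is carried as several TXT strings of at most 255 octets each. The record sets and function names are constructed for illustration.

```python
from typing import Optional

TXT, SPF99 = 16, 99      # DNS RR type codes: TXT, and the retired SPF type
MAX_STRING = 255         # octet limit of one <character-string> (RFC 1035)


def split_rdata(value: bytes) -> list:
    """Split a long value (e.g. a DKIM key) into TXT-sized strings."""
    return [value[i:i + MAX_STRING] for i in range(0, len(value), MAX_STRING)]


def join_rdata(strings: list) -> str:
    """Rebuild the record text: strings are concatenated with no separator."""
    return b"".join(strings).decode("ascii", "replace")


def is_spf(text: str) -> bool:
    """Version token must be exactly v=spf1, followed by a space or the end."""
    lowered = text.lower()
    return lowered == "v=spf1" or lowered.startswith("v=spf1 ")


def select_spf(rrset: list) -> tuple:
    """Return (result, record) using TXT answers only, per RFC 7208."""
    texts = [join_rdata(s) for rrtype, s in rrset if rrtype == TXT]
    found = [t for t in texts if is_spf(t)]
    if not found:
        return ("none", None)        # a type 99 record alone publishes nothing
    if len(found) > 1:
        return ("permerror", None)   # more than one v=spf1 record is an error
    return ("ok", found[0])


# Constructed sample record sets (not taken from the thread).
LEGACY_ONLY = [(SPF99, [b"v=spf1 mx -all"])]
TXT_ONLY = [(TXT, [b"site-verification=abc"]), (TXT, [b"v=spf1 mx ", b"-all"])]
DUPLICATE = TXT_ONLY + [(TXT, [b"v=spf1 a -all"])]
LONG_DKIM = b"v=DKIM1; k=rsa; p=" + b"A" * 700   # placeholder key material

if __name__ == "__main__":
    for name, rrset in [("legacy", LEGACY_ONLY), ("txt", TXT_ONLY),
                        ("duplicate", DUPLICATE)]:
        print(name, select_spf(rrset))
    print([len(c) for c in split_rdata(LONG_DKIM)])
```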
 
