What is the 255-character limit for SPF records?

The 255-character limit refers to the maximum length of a single string within a DNS TXT record. SPF records are published as TXT records, and while the overall record can be longer, each individual quoted string within it cannot exceed 255 characters. If it does, you'll encounter the 'CharacterStringTooLong' error.

How do I split an SPF record into multiple TXT strings?

You can split an SPF record into multiple TXT strings by enclosing each segment of the record in double quotes and placing them consecutively. DNS resolvers will automatically concatenate these strings into one logical SPF record. For example, "v=spf1 ip4:1.2.3.4" "include:example.com ~all" .

Are SPF flattening tools supposed to handle the 'CharacterStringTooLong' error?

Many SPF flattening tools primarily address the 10-DNS lookup limit by converting include mechanisms into IP addresses. They might not automatically split the resulting flattened record into 255-character segments. You may still need to manually split the output from these tools.

What are the risks of using a fully flattened SPF record?

The main risk of using a fully flattened SPF record (one with all includes converted to static IP addresses) is that the IP ranges of your email service providers can change over time. If your record isn't manually updated to reflect these changes, it can lead to legitimate emails failing SPF authentication, impacting deliverability.

How often should I review my SPF record for character length issues?

You should review your SPF record whenever you add or remove email sending services, or if you notice unexpected email delivery issues. For actively changing environments, a quarterly or bi-annual review is a good practice to ensure it remains optimized and within character and lookup limits.

How to resolve 'CharacterStringTooLong' error when flattening SPF records? - Technical - Email deliverability - Knowledge base

The 'CharacterStringTooLong' error is a common challenge for domain owners trying to implement Sender Policy Framework (SPF) records, especially when attempting to "flatten" them. It means that the text string in your DNS TXT record, where your SPF record resides, has exceeded its maximum allowable length. This isn't necessarily a syntax error within the SPF record itself, but rather a limitation imposed by DNS standards and often enforced by your DNS provider, such as

Amazon Web Services Route 53.

Understanding this error is crucial for maintaining good email deliverability. When SPF records become too long, they can cause authentication failures, leading to your legitimate emails being rejected or sent to recipients' spam folders. Resolving this requires a clear grasp of both SPF mechanics and DNS limitations.

Suped DMARC monitoring

Free forever, no credit card required

Learn more

Trusted by teams securing millions of inboxes

Understanding the character string too long error

An SPF record is published as a TXT record in your domain's DNS. While SPF has its own set of rules, DNS TXT records also have limitations. The most critical is that a single string within a TXT record cannot exceed 255 characters. If your SPF record, after flattening, totals more than 255 characters, your DNS provider will likely throw a 'CharacterStringTooLong' error or similar, preventing you from saving the record.

SPF flattening is often used to get around the 10 DNS lookup limit. It involves resolving all included domains (like include:sendgrid.net) into their underlying IP addresses. While this helps with the lookup limit, it can drastically increase the total character count of your SPF record, pushing it beyond the 255-character single-string limit.

It's a common misconception that SPF flattening tools automatically handle this TXT record length. Many tools focus solely on resolving the 10-lookup issue, not on segmenting the output for the 255-character string limit. This means you might get a perfectly valid, flattened SPF record that still can't be published due to its raw length.

Strategies to resolve character string too long

The good news is that DNS allows you to split a single TXT record's value into multiple strings, each enclosed in double quotes. When a resolver queries your DNS, it concatenates these strings into a single, longer string before processing it. This allows you to bypass the 255-character per-string limit while still maintaining one logical SPF record.

Example of a split SPF TXT recorddns

v=spf1 "ip4:167.216.129.210/32 ip4:167.216.129.208/31 ip4:167.216.129.206/31 ip4:167.216.129.205/32 ip4:167.216.129.200/32 ip4:167.216.129.192/29 ip4:167.216.129.184/29 ip4:167.216.129.182/31 ip4:167.216.129.170/32" "ip6:2800:3f0:4000::/36 ip6:2c0f:fb50:4000::/36 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2a00:1450:4000::/36 include:_s3.australianfitnesssupplies.com.au ~all"

Beyond splitting, you can also optimize your SPF record to reduce its overall length. This involves auditing your existing SPF record for unnecessary or redundant entries. For example, some email service providers might include domains that are no longer in use, or you might have multiple include mechanisms pointing to the same service. Eliminating these can significantly shorten your record.

The 255-character string limit

While SPF records are primarily concerned with the 10 DNS lookup limit, the raw character length of your SPF TXT record is a separate but equally important consideration. Exceeding the 255-character string limit can prevent your SPF record from being published or properly parsed by mail servers, regardless of its lookup count. This is a common issue with providers like AWS Route 53 and other DNS services. For more on managing DNS TXT record lengths, see our guide on why your SPF record is too long.

While manual splitting and optimization are viable, some businesses opt for automated SPF flattening services. These services typically provide a single include mechanism that points to their platform, which then dynamically resolves and presents the full list of authorized IPs. This approach ensures your SPF record is always up to date, even if the underlying IP ranges of your email service providers change frequently.

Manual splitting and optimization

Direct control: You have full oversight of every entry and character in your SPF record.
Cost-effective: No recurring fees for a third-party service.
Learning opportunity: Deepens your understanding of DNS and SPF mechanics.

Potential drawbacks

Manual updates: Requires manual updates if IP addresses or includes change, risking outdated records.
Time-consuming: Can be complex and time-intensive for large or frequently changing SPF records.

Automated flattening services

Dynamic updates: Services automatically keep your record current with changing IP addresses.
Simplified management: Reduces manual effort and the risk of human error.
Addresses both limits: Can solve both the 10-lookup limit and the 255-character string limit.

Potential drawbacks

Dependency on third-party: Relies on the service provider's uptime and accuracy.
Cost: Typically involves a subscription fee.

Remember that if you choose to use a flattening service like autospf.com, you still need to ensure their output can be inserted without triggering the character limit, as some services might not account for the splitting of the TXT record itself. Always verify the resulting length and split it manually if necessary.

Verifying your SPF record changes

After modifying or splitting your SPF record, it's essential to verify that the changes have been implemented correctly and that your email authentication is working as expected. You can use online SPF validation tools to check your record's syntax and ensure it resolves correctly. Pay close attention to any warnings or errors related to character length or DNS lookups.

Keep in mind that DNS changes can take time to propagate across the internet. After making updates, allow sufficient time for the changes to reflect globally before retesting. This can range from a few minutes to several hours, depending on your DNS provider's TTL (Time To Live) settings.

Long-term management of your SPF records

Resolving the 'CharacterStringTooLong' error is often a one-time fix for a specific SPF record configuration. However, managing your SPF records (and overall email authentication, like DMARC and DKIM) is an ongoing process. Email service providers frequently update their IP ranges or introduce new sending domains, which could necessitate changes to your SPF record.

Regularly reviewing your SPF record, especially after adding new email sending services or making changes to your infrastructure, is a key best practice. This helps prevent future 'CharacterStringTooLong' errors and ensures your emails continue to authenticate correctly, protecting your domain from spoofing and maintaining good email deliverability.

Ensuring robust email authentication

Overcoming the 'CharacterStringTooLong' error is a critical step in ensuring the integrity of your SPF record and, by extension, your email deliverability. By understanding the 255-character TXT string limit, employing proper splitting techniques, and diligently optimizing your record, you can prevent authentication failures and ensure your legitimate emails reach their intended inboxes.

Views from the trenches

Best practices

SPF records should be regularly audited, especially when using third-party services, to ensure they remain within DNS and lookup limits.

Always verify the resulting length of your SPF record after flattening and split it manually if it exceeds the 255-character string limit.

Common pitfalls

Assuming SPF flattening tools automatically handle the 255-character TXT record limit, leading to the 'CharacterStringTooLong' error even if DNS lookup limits are addressed.

Not accounting for potential changes in IP ranges for email service providers, which can render statically flattened SPF records outdated.

Expert tips

For frequently changing IP ranges, a dynamic SPF flattening service can be beneficial, but be aware of potential staleness if not actively managed.

Focus on optimizing your SPF record by removing unnecessary or redundant entries to reduce its overall length before resorting to extensive flattening.

Marketer view

Marketer from Email Geeks says: I encountered the 'CharacterStringTooLong' error when trying to flatten an SPF record for a client using Route 53, even when splitting it into several records. This made me wonder if it was a syntax problem on our end.

2019-10-29 - Email Geeks

Expert view

Expert from Email Geeks says: When you flatten an SPF record, ensure you're splitting the resulting string into multiple TXT records if it exceeds the 255-character limit for a single DNS TXT entry. Many flattening tools address DNS lookups but not the overall string length.

2019-10-29 - Email Geeks