What is the typical DNS record length limit and what should I do if my provider has a smaller limit?

Key findings

• Common limit: The typical character limit for a single TXT record string (which includes SPF, DKIM, and BIMI records) is 255 characters. However, the overall record can often span multiple strings.
• Provider inconsistencies: Some DNS hosting providers (especially older or less sophisticated ones) may impose much smaller limits, such as 87 characters, or struggle with multi-string TXT records or underscores in CNAMEs.
• Impact on authentication: Exceeding these limits can break email authentication protocols. For example, a DKIM key that is too long can lead to verification failures.
• SPF specifics: SPF records also have a hard limit of 10 DNS lookups, which can be hit quickly with long records or extensive includes.

Key considerations

• Provider compatibility: Always confirm your DNS provider's specific limitations, especially for TXT records used in email authentication. Some providers (e.g., IONOS) offer robust DNS management.
• DKIM workaround: If a DKIM key is too long, it can often be split into multiple strings within a single TXT record, provided your DNS provider supports this. This is a common solution for 2048-bit keys.
• SPF flattening: For SPF records hitting length or lookup limits, consider using an SPF flattening service to consolidate includes and reduce lookups.
• Switching providers: If your current DNS host cannot accommodate standard record lengths or best practices, migrating to a more capable provider might be necessary to ensure optimal email deliverability.

Key opinions

• BIMI challenges: Some marketers have encountered providers claiming even an 87-character BIMI record is too long, despite this being well within standard limits.
• DKIM length: Moving to longer DKIM keys (e.g., 2048-bit) frequently exposes hidden limitations with DNS providers, requiring workarounds or provider changes.
• Outdated practices: The issue of DNS record length is often seen as a problem that should have been resolved by modern DNS hosting solutions years ago.
• Underscore issues: Some older cPanel versions, or similar systems, might incorrectly handle underscores in CNAME records, further complicating DNS setup for services like DMARC or DKIM.

Key considerations

• Provider limitations: Before implementing new email authentication standards, verify your DNS provider's capabilities regarding TXT record length and special characters (like underscores).
• Workarounds: Be aware of potential workarounds, such as splitting DKIM records into multiple strings, to circumvent restrictive provider limits.
• DNS provider review: If a DNS provider consistently poses issues with standard record configurations, it may be time to consider migrating to one that offers more flexibility and better compliance with modern DNS standards.
• Authentication impact: Recognize that DNS record issues directly affect authentication (SPF, DKIM, DMARC), which in turn impacts email deliverability and reputation.

Key opinions

• Standard compliance: Modern DNS hosting should fully comply with RFCs, allowing TXT records to be split into 255-character chunks, making an 87-character limit highly unusual and restrictive.
• Security vs. deliverability: Increasing DKIM key sizes to 2048 bits for enhanced security is a best practice, but DNS providers must support the resultant longer record lengths through proper concatenation of strings.
• Provider choice matters: A DNS provider that cannot accommodate standard record lengths for BIMI or DKIM is unsuitable for email senders aiming for optimal deliverability and authentication.
• Beyond length: While record length is a factor, the SPF 10-lookup limit is a distinct but related challenge that requires careful management, often through strategic SPF record formatting.

Key considerations

• Evaluate DNS services: Regularly assess your DNS provider's capabilities against current email authentication standards. A provider preventing proper record setup will inevitably harm your sender reputation and inbox placement.
• Use multi-string TXT records: For longer records like 2048-bit DKIM keys, utilize the ability to split the data into multiple 255-character strings. Ensure your DNS provider correctly concatenates these strings into a single logical record.
• Consider SPF flattening: To manage the SPF 10-lookup limit, which can be exacerbated by numerous includes or overly long records, explore SPF flattening services.
• Migration readiness: Be prepared to migrate DNS services if your existing provider cannot support necessary configurations, as this is a fundamental requirement for reliable email sending. Proper migration ensures minimal disruption to email flow.

Key findings

• RFC standard: According to DNS RFCs, a single TXT record string can contain up to 255 characters. This applies to records for SPF, DKIM, and BIMI.
• Multi-string records: For records longer than 255 characters (e.g., 2048-bit DKIM keys), the data should be split into multiple 255-character strings, which DNS servers concatenate back into a single logical record.
• SPF character and lookup limits: SPF records must adhere to the 255-character per string rule and, critically, a 10-DNS-lookup limit, which is a common cause of authentication failures.
• DKIM key length: DKIM keys, especially 2048-bit ones, often exceed 255 characters and require proper splitting across multiple TXT record strings for DNS providers to handle them correctly.

Key considerations

• Adherence to standards: DNS providers must fully comply with RFC specifications for TXT records to avoid issues with modern email authentication protocols. Non-compliant providers will inevitably cause deliverability problems.
• SPF complexity: Managing SPF records requires careful attention to both character length and the number of DNS lookups to avoid exceeding limits and causing authentication failures.
• DKIM key management: When generating DKIM keys, especially longer ones, ensure your DNS provider properly handles the splitting and concatenation of the key across multiple TXT record strings.
• BIMI record requirements: BIMI records, while often shorter than DKIM keys, are still TXT records and must conform to the same DNS length and formatting rules. Providers must support this for successful BIMI implementation.