After enabling Sender Policy Framework (under Sender Authentication on Symantec Messaging Gateway), the SPF validation may fail when the domain's SPF record contains multiple strings separated by double quotes ("). This issue will occur when the string interrpution in domain's SPF record is in the middle of a word (e.g. "v=spf1 string of t" "ext")
Example of domain's SPF record with multiple strings:
As defined in [RFC1035], Sections 3.3 and 3.3.14, a single text DNS record can be composed of more than one string. If a published record contains multiple character-strings, then the record MUST be
treated as if those strings are concatenated together without adding spaces. For example:
IN TXT "v=spf1 .... first" "second string..."
is equivalent to:
IN TXT "v=spf1 .... firstsecond string..."
TXT records containing multiple strings are useful in constructing records that would exceed the 255-octet maximum length of a character-string within a single TXT record.
When Messaging Gateway (SMG) attempts to validate a domain whose SPF record contains multiple Strings and the line break is in the middle of a word, the SenderAuth module fail and can’t validate the sender.
Symantec is aware of this issue and will solve it as soon as possible. Please subscribe to this document to be automatically notified of any changes.
If you are trying to validate your own domain, please remove the break line if it’s possible.
Symantec Messaging Gateway 10.5.2 with SPF validation enabled.
Imported Document ID: TECH226620
Subscribing will provide email updates when this Article is updated. Login is required.