Tuesday, September 6, 2022

Changing SPF Record in AWS Route53

SPF (Sender Policy Framework) is an email authentication protocol that checks the sender's IP address against a list of IPs published on the domain named in the email's Return-Path. That list is known as the SPF record.

On AWS Route53 DNS, you add the SPF record as a TXT record. Back in the day, you had to list every sending IP in that TXT record in Route53, which soon grew too large to manage, and then you start hitting the limits. The better approach is to get a dynamic SPF record from your email security provider and reference that one from your DNS record.

When you make the change, you might notice a SoftFail in the results when you verify the SPF record. An SPF failure occurs when the sender's IP address is not found in the SPF record, which can mean the email is sent to spam or discarded altogether. You can ignore the SoftFail for now. If everything is fine, you should see something like the following from the MxToolbox SPF checker.

Status  Test                                Result
Ok      SPF Record Published                SPF Record found
Ok      SPF Record Deprecated               No deprecated records found
Ok      SPF Multiple Records                Less than two records found
Ok      SPF Contains characters after ALL   No items after 'ALL'.
Ok      SPF Syntax Check                    The record is valid
Ok      SPF Included Lookups                Number of included lookups is OK
Ok      SPF Type PTR Check                  No type PTR found
Ok      SPF Void Lookups                    Number of void lookups is OK
Ok      SPF MX Resource Records             Number of MX Resource Records is OK
Ok      SPF Record Null Value               No Null DNS Lookups found
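To see what the checker is actually testing, here is an added example (my own code, not from the post and not MxToolbox's): a small Python script that runs the same static checks on an SPF TXT record, counts the DNS-querying terms against the 10-lookup limit by following include: terms, and reports whether the "all" term gives SoftFail or Fail. The names example.com and _spf.mailsec.example are made up, and includes are resolved from an in-code table instead of live DNS so it runs offline.

```python
import re

MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: at most 10 DNS-querying terms
LOOKUP_MECHS = ("include", "a", "mx", "ptr", "exists", "redirect")
# What a receiver does with a non-matching sender, by the qualifier on "all"
QUALIFIER = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

# Constructed stand-in for DNS (hypothetical names), so this runs offline.
FAKE_DNS = {
    "example.com": "v=spf1 include:_spf.mailsec.example ~all",
    "_spf.mailsec.example": "v=spf1 ip4:192.0.2.0/24 a mx -all",
}

def mech_name(term):
    """Strip qualifier and argument from a term: '~include:x' -> 'include'."""
    return re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0]

def count_lookups(record, resolve=FAKE_DNS.get, depth=0):
    """Count DNS-querying terms, following include:/redirect= recursively."""
    if depth > MAX_LOOKUPS:  # guard against include loops
        return MAX_LOOKUPS + 1
    total = 0
    for term in record.split()[1:]:
        name = mech_name(term)
        if name not in LOOKUP_MECHS:
            continue
        total += 1
        if name in ("include", "redirect"):
            target = term.partition(":" if name == "include" else "=")[2]
            sub = resolve(target)  # None for names the table does not know
            if sub:
                total += count_lookups(sub, resolve, depth + 1)
    return total

def check_spf(txt_records, resolve=FAKE_DNS.get):
    """Run the static checks on all TXT records of one name."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    result = {"published": bool(spf), "single_record": len(spf) == 1}
    if not spf:
        return result
    terms = spf[0].split()[1:]
    all_idx = [i for i, t in enumerate(terms) if mech_name(t) == "all"]
    result["nothing_after_all"] = not all_idx or all_idx[0] == len(terms) - 1
    result["no_ptr"] = not any(mech_name(t) == "ptr" for t in terms)
    result["lookups_ok"] = count_lookups(spf[0], resolve) <= MAX_LOOKUPS
    if all_idx:  # a bare "all" carries the default "+" qualifier
        result["all_result"] = QUALIFIER.get(terms[all_idx[0]][0], "Pass")
    return result

if __name__ == "__main__":
    for name, verdict in check_spf([FAKE_DNS["example.com"]]).items():
        print(f"{name:18} {verdict}")
```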


Hope that helps.
