How to create SPF record for many IPs (SPF longer than 255 characters)

Question

For example I have an array with this ips and want to create with my code an long spf record:

$array_ips = array();
$array_ips[] = "32.16.8.133"; 
$array_ips[] = "32.16.4.247";
$array_ips[] = "35.16.8.184";
$array_ips[] = "32.16.8.127";
$array_ips[] = "32.16.8.134";
$array_ips[] = "32.16.2.154";
$array_ips[] = "32.16.2.153";
$array_ips[] = "32.16.2.150";
$array_ips[] = "39.16.2.190";
$array_ips[] = "32.16.2.128";
$array_ips[] = "32.16.0.128";
$array_ips[] = "32.16.8.187";
$array_ips[] = "43.16.8.185";
$array_ips[] = "32.16.8.192";
$array_ips[] = "32.16.4.249";
$array_ips[] = "52.16.4.252";
$array_ips[] = "32.16.4.238";
$array_ips[] = "32.16.4.232";

$ips = implode(' ip4:', $array_ips);

echo "v=spf1 +a +mx".$ips." -all";

The spf record would be:

v=spf1 +a +mx ip4:32.16.8.133 ip4:32.16.4.247 ip4:32.16.8.184 ip4:32.16.8.127 ip4:32.16.8.134 ip4:32.16.2.154 ip4:32.16.2.153 ip4:32.16.2.150 ip4:32.16.2.190 ip4:32.16.2.128 ip4:32.16.0.128 ip4:32.16.8.187 ip4:32.16.8.185 ip4:32.16.8.192 ip4:32.16.4.249 ip4:32.16.4.252 ip4:32.16.4.238 ip4:32.16.4.232 -all 

Characters: 307

The Problem is, that an SPF only can be max. 255 characters long. No possibility to add such a long string in plesk or cpanel in txt dns record. I have heared that if could be possible to do it like this "v=spf1 .... first" "spf second string..." .

But does it realy work? How to do it by generating it in my example above?

Answer 1

You could do something like the below if your happy to allow a /24 subnet for a couple of IP's. You could even subnet it correctly if you fancied. It's cut down your list drastically anyways.

<?php

$array_ips = array();
$array_ips[] = "32.16.8.133"; 
$array_ips[] = "32.16.4.247";
$array_ips[] = "35.16.8.184";
$array_ips[] = "32.16.8.127";
$array_ips[] = "32.16.8.134";
$array_ips[] = "32.16.2.154";
$array_ips[] = "32.16.2.153";
$array_ips[] = "32.16.2.150";
$array_ips[] = "39.16.2.190";
$array_ips[] = "32.16.2.128";
$array_ips[] = "32.16.0.128";
$array_ips[] = "32.16.8.187";
$array_ips[] = "43.16.8.185";
$array_ips[] = "32.16.8.192";
$array_ips[] = "32.16.4.249";
$array_ips[] = "52.16.4.252";
$array_ips[] = "32.16.4.238";
$array_ips[] = "32.16.4.232";


$subnetArr = [];

foreach ($array_ips as $k=>$v ) {

    $i = strrpos($v, '.');
    $testSub = substr($v, 0, -(strlen($v) - $i));

    if (in_array("ip4:" . $testSub . ".1/24", $subnetArr)) {

        //Do something here or change condition

    } else {

        array_push($subnetArr,"ip4:" . $testSub . ".1/24");

    }
}


$ips = implode(' ', $subnetArr);
echo "v=spf1 +a +mx ".$ips." -all";

Output

v=spf1 +a +mx ip4:32.16.8.1/24 ip4:32.16.4.1/24 ip4:35.16.8.1/24 ip4:32.16.2.1/24 ip4:39.16.2.1/24 ip4:32.16.0.1/24 ip4:43.16.8.1/24 ip4:52.16.4.1/24 -all

Edit:

Just changed so it actually echo's SPF!

Answer 2

You can break it up into multiple include's..

"v=spf1 mx a include:iprange1.example.com include:iprange2.example.com -all"

Then under each include DNS you'll have

iprange1.example.com = "v=spf1 ip4:32.16.8.133 ... -all"
iprange2.example.com = "v=spf1 ip4:32.16.4.238 ... -all"

This will gave you a lot more room because you'll be able to include 8 includes along with your mx and a

Then each include can hold 16 ip4 addresses that will get your around 128 IP addresses that your can't CIDR.

Edit - iprange1 --> iprange2 on line 2 of 2nd code snippet

Answer 3

You'll need to do by sub-net. Use the standard IP4 sub-net notation:

"v=spf1 ip4:192.168.0.1/16 -all"

Allow any IP address between 192.168.0.1 and 192.168.255.255.

Answer 4

I have found the solution:

 echo "v=spf1 +a +mx ( "'.implode('" "',$array_ips).' " ) -all";

but the page i found it is not in enlish. (spaces are requierd and () )

http://www.nullpointer.at/keyword/spf/

Translated:

The TXT record is too long. Here, in this example, the TXT record was split into several lines. The syntax for this is: brace on (then in quotation marks "first part " next line in quotation marks "second part", etc., and finally parenthesis). Important: Do not forget the blanks within each section enclosed in quotation marks: "first part" "second part" is then composed to "first partsecond part".