After enabling Sender Policy Framework (under Sender Authentication on Symantec Messaging Gateway), the SPF validation may fail when the domain's SPF record contains multiple strings separated by double quotes ("). This issue will occur when the string interrpution in domain's SPF record is in the middle of a word (e.g. "v=spf1 string of t" "ext")

Example of domain's SPF record with multiple strings:

symantec.com    text = "v=spf1 include:spf.symantec.com ip4:207.38.45.154 include:spf.messagelabs.com include:spf-ilg.symantec.com i" "nclude:spf-mtv.symantec.com ip4:63.245.193.25 ip4:63.245.197.25 ip4:63.245.201.25 ~all"

Additional information:

From: Sender Policy Framework (SPF) RFC 7208 http://tools.ietf.org/html/rfc7208

3.3. Multiple Strings in a Single DNS Record


As defined in [RFC1035], Sections 3.3 and 3.3.14, a single text DNS record can be composed of more than one string. If a published record contains multiple character-strings, then the record MUST be
treated as if those strings are concatenated together without adding  spaces. For example:

IN TXT "v=spf1 .... first" "second string..."

is equivalent to:

IN TXT "v=spf1 .... firstsecond string..."

TXT records containing multiple strings are useful in constructing records that would exceed the 255-octet maximum length of a character-string within a single TXT record.  

When Messaging Gateway (SMG) attempts to validate a domain whose SPF record contains multiple Strings and the line break is in the middle of a word, the SenderAuth module fail and can’t validate the sender.

Symantec is aware of this issue and will solve it as soon as possible. Please subscribe to this document to be automatically notified of any changes.

If you are trying to validate your own domain, please remove the break line if it’s possible.

Applies To

Symantec Messaging Gateway 10.5.2 with SPF validation enabled.