After enabling Sender Policy Framework (under Sender Authentication on Symantec Messaging Gateway), the SPF validation may fail when the domain's SPF record contains multiple strings separated by double quotes ("). This issue will occur when the string interrpution in domain's SPF record is in the middle of a word (e.g. "v=spf1 string of t" "ext")
Example of domain's SPF record with multiple strings:
symantec.com text = "v=spf1 include:spf.symantec.com ip4:22.214.171.124 include:spf.messagelabs.com include:spf-ilg.symantec.com i" "nclude:spf-mtv.symantec.com ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 ~all"
From: Sender Policy Framework (SPF) RFC 7208 http://tools.ietf.org/html/rfc7208
3.3. Multiple Strings in a Single DNS Record
As defined in [RFC1035], Sections 3.3 and 3.3.14, a single text DNS record can be composed of more than one string. If a published record contains multiple character-strings, then the record MUST be
treated as if those strings are concatenated together without adding spaces. For example:
IN TXT "v=spf1 .... first" "second string..."
is equivalent to:
IN TXT "v=spf1 .... firstsecond string..."
TXT records containing multiple strings are useful in constructing records that would exceed the 255-octet maximum length of a character-string within a single TXT record.
When Messaging Gateway (SMG) attempts to validate a domain whose SPF record contains multiple Strings and the line break is in the middle of a word, the SenderAuth module fail and can’t validate the sender.
Symantec is aware of this issue and will solve it as soon as possible. Please subscribe to this document to be automatically notified of any changes.
If you are trying to validate your own domain, please remove the break line if it’s possible.
Symantec Messaging Gateway 10.5.2 with SPF validation enabled.