27

Right now I have SPF IP4 and IP6 as two separate records, but IPv6 is not being recognized by Gmail. Should I merge them? It looks like this currently. How should it be configured?

  A   3600     0  78.46.138.249
 MX   3600    10  mx.zohomail.com
 MX   3600    20  mx2.zohomail.com
 NS   3600     0  ns1.loopia.se
 NS   3600     0  ns2.loopia.se
TXT   3600     0  "v=spf1 ip4:78.46.138.249 ~all"
TXT    300     0  "v=spf1 ip6:2a01:4f8:d16:1355::2 +all"

GMail:

Received-SPF: softfail (google.com: domain of transitioning info@dadilja.rs does not designate 2a01:4f8:d16:1355::2 as permitted sender) client-ip=2a01:4f8:d16:1355::2;
TRiG
  • 10,148
  • 7
  • 57
  • 107
srgb
  • 4,783
  • 6
  • 29
  • 45

2 Answers2

37

I think this is a duplicate of Will adding a second SPF record mess up my DNS? on Server Fault.

In short: yes, you must merge them. The specs do not allow multiple SPF records.

The resultant merged record should be:

TXT "v=spf1 ip4:78.46.138.249 ip6:2a01:4f8:d16:1355::2 ~all"
Community
  • 1
  • 1
Sander Steffann
  • 9,509
  • 35
  • 40
  • Could you add an example to your post on how to merge them? – Martijn Jul 23 '14 at 12:12
  • 6
    In this (simple) example the resulting record would be `TXT "v=spf1 ip4:78.46.138.249 ip6:2a01:4f8:d16:1355::2 ~all"` – Sander Steffann Jul 23 '14 at 12:33
  • Note that it seems preferred to use "-all" instead of "~all": https://serverfault.com/questions/355511/is-using-softfail-over-fail-in-the-spf-record-considered-best-practice/752911#752911 – baptx Dec 01 '17 at 18:09
11

Yes it is possible and it works, a SPF with both ip6 & Ip4 would look like:

"v=spf1 ip4:XX.XX.XX.XX ip6:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX ~all"

You can also in both cases add a CIDR (basis: /32 for ipv4 & /128 for ipv6) after each address to authorize a network range rather than a host.

Nicolas Guérinet
  • 2,086
  • 1
  • 29
  • 38