Knowledgebase

Sort by:
Issue A lead has an Unsubscribe activity logged in their activity history, but they continue to receive emails after the Unsubscribe.     Solution An Unsubscribe activity is logged when the lead clicks the system Unsubscribe link embedded in a Marketo email.  However, if that link takes them to a Preference Center that allows them to select from multiple options, they may not choose the full unsubscribe option and may continue to receive selected emails.   To confirm if this is the case, find the Unsubscribe activity in their activity log and double-click on the activity to open it. This will show you the choices they selected in the email preferences form.  In the example below, the lead did not fully unsubscribe, they only chose to unsubscribe from specific content. Since they did not choose the global unsubscribe, they will continue to receive some emails.    
View full article
Issue You see a record in the database has something similar to the following Email Suspended Cause: "554- Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means." Solution The 554 error is generated by a hard bounce due to a spam block. It is possible that one of the sending IP addresses used may have been on a temporary blacklist the day of the attempted send. This happens while using shared IPs when another Marketo instance using the same IP hits a spam trap, putting the IP on a blacklist for 24 hours. This error can also happen to users on a dedicated IP if they hit a spam trap with one of their email sends.        
View full article
Issue Issue Description How to add a seed list in a batch Smart Campaign or Email Program.     Solution Issue Resolution Import the seed list addresses into an appropriately-named static list Add a filter in the Program/Campaign Smart List to include the static list. The trick will be to make sure the filter logic is correct. Advanced Logic may need to be used in the Smart List of the Program/Campaign. For example, if there's a sending campaign with 5 filters to send to an audience 1 AND 2 AND 3 AND  (4 OR 5) then you will want to use Advanced Logic and put parentheses around the original filter set (1 AND 2 AND 3 AND  (4 OR 5)) and add the seed list outside the parentheses with OR logic (1 AND 2 AND 3 AND  (4 OR 5)) OR 6 In that advanced logic, the original intended membership (1 through 5) exist within its own set of parentheses and the Seed List is included in addition (OR 6).
View full article
Issue You would like to understand the difference between "Send email" and "Delivered email" activity. Solution Send email activity confirms that the email which you have sent has been dispatched from Marketo to be delivered. Delivered email activity is recorded when the recipient email server responds that the email has been accepted for delivery. Delivered email activity doesn't actually mean that email has been delivered to lead's email inbox. For more information on what happens to the email once it reaches the recipient email server, check out this blog post: https://nation.marketo.com/community/support_solutions/blog/2016/02/26/between-the-delivery-and-the-inbox-what-happens.    
View full article
  This is a article attached image Upon signing a contract with Marketo you are provisioned a Marketo instance and a Support Service. There are four different types of Support Services which are available to meet different customer support needs: Online (Legacy) Business or PREMIER SUPPORT BUSINESS (Legacy) Premier or PREMIER SUPPORT ENTERPRISE (Legacy) Elite or PREMIER SUPPORT ELITE Each Support Service has a different Service Level Target (SLT). An SLT is the amount of time Marketo Support targets to make first contact with you after a support case has been submitted. SLTs differ for each Support Service and priority level. Priority levels range from Priority P1 to Priority P4. Here are the SLTs and priority levels for each Support Service:   Priority Online (Legacy) Business PREMIER SUPPORT BUSINESS (Legacy) Premier PREMIER SUPPORT ENTERPRISE (Legacy) Elite PREMIER SUPPORT ELITE P1 1 hour 1 hour 1 hour 30 minutes 30 minutes 30 minutes 15 minutes P2 4 hours 3 hours 2 hours 2 hours 1 hour 2 hours 30 minutes P3 6 hours 5 hours 4 hours 4 hours 2 hours 2 hours 1 hour P4 3 days 1 day 1 day 1 day 1 day 1 day 1 day   Here are the descriptions for each priority level: Priority Description P1 Mission Critical: Core business function down or potential loss of mission critical data P2 Urgent: Major feature or workflow is not functioning. Mission critical workflow and majority of user community is not blocked P3 Important: Normal usability or task completion is impacted but functional, or workaround is available P4 Minor: Minor issue requiring a correction. Normal workflow is not impacted   Find more information About Support here!  
View full article
No, unfortunately we are unable to tell you what the spam trap address is. We don’t even know it ourselves! Spam trap addresses are proprietary to the blocklists that own them. Anti-spam professionals use spam trap addresses to track unsolicited emails. If a spam trap is known by the offending sender, the sender could simply remove the spam trap address from their lists and never actually address the data problem that caused that spam trap address to be included in their lists to begin with. Instead of asking what the spam trap address is, try to identify the source of the trap address and eliminate bad data sources from your mailing lists. You should be able to identify the email campaign that caused the blocklist issue, so you should start with those lists. To narrow it down and identify the problematic data source, you should consider the following: Have you recently added any new leads or new lead sources? What is the source of these leads? Any purchased or appended email addresses should be removed, because these data sources are often the source of newly introduced spamtraps. In addition, using purchased or appended email addresses for mailing is a violation of Adobe’s Email Use and Anti-Spam Policy. Have you added any older leads that have not been mailed to recently? Some email providers will turn an email address into a spam trap after a year of inactivity. If you have a list of addresses that has not been mailed in a year or more, this list should be removed. Does your system use any custom fields to indicate customer status, event attendance, recent contact with your sales team, or other forms of engagement? If so, take advantage of this and isolate the inactive or non-responsive segments of your database using all of the activity data you have available. Is there anything about this specific mailing that makes it different compared to your previous email campaigns? Did you send any other mail on the same day? If so, you should compare the recipient lists. Think you have narrowed in on the problem? Check out our guide to blocklist remediation to find out what to do with that bad list and complete the remediation program.   Additional Resources: What is a spamtrap, or spam trap, and why does it matter? What is a blocklist? How does Marketo respond to blocklisting and spam notifications? Top blocklists - What you need to know Blocklist Remediation Successful Reconfirmation Blocklist Deep Dive Blocklist FAQ   Is this article helpful ? YesNo  
View full article
We manage our network to provide our customers with the highest server availability and best deliverability possible.  Marketo Engage has a strong anti-spam policy and a team that handles blocklist notifications in our IP space and spam complaints.  We also cooperate with most major anti-spam providers and ISPs.  In addition, we maintain feedback loops for many of the most popular email providers.  For more information on feedback loops and ISPs with whom we have this arrangement, click here. Blocklistings are usually caused by sending mail to a spam trap email address.  For an explanation on what causes blocklisting, click here. When we receive notification of a blocklisting, we react in two ways.  First, we go through the procedures to remove the listing from that blocklist as soon as possible.  Second, we determine (if possible) which of our customers caused the blocklisting and work with them to improve their mailing lists to prevent a reoccurrence in the future.  This is usually a cooperative process, most frequently, a review of mailing policies and strategic pruning of a customer’s lead database will return them to best practices.   Blocklists: Frequently Asked Questions   Is this article helpful ? YesNo  
View full article
We have enhanced the behavior of the unsubscribe functionality to make it “durable”.  We have added a master email status, which is separate from the unsubscribe flag visible on the lead detail record.   If the unsubscribe flag is set from false to true, the master email status is updated, and the change is propagated to other leads with the same email address. Update the Unsubscribe flag from True to False (e.g. Re-subscribe a lead) When a lead is imported, the unsubscribe flag WILL NOT be overwritten by the import. Here are the ways a lead can be re-subscribed: 1.   In SFDC, uncheck the Email Opt Out field.  This WILL sync to Marketo. 2.   Manually update the lead detail record by un-checking the unsubscribe flag 3.   Run a Change Data Value Flow Action on one or many leads a.  Select the attribute “unsubscribe” and set the value to False 4.   Update an existing lead via SOAP API 5.   Form Field – set a field on a form to set the unsubscribe flag to “false” and this will unsubscribe the lead a. Best practice would be to have text on the form that says that by filling out this form, they are agreeing to receive email communication Creating a New Lead When a new lead is created, we check it against the master email status table.  If the lead was previously unsubscribed, we will update the record to be unsubscribed.   Changing an email address If you change the email address of a lead to an unsubscribed email address, the lead will be unsubscribed.  This change can occur in either Marketo or SFDC. If you change an unsubscribed email address to one that is subscribed, the lead will be subscribed.    
View full article
We manage our network to provide our customers with the highest server availability and best deliverability possible.  Marketo has a strong anti-spam policy and a team that handles blacklist notifications in our IP space and spam complaints.  We also cooperate with most major anti-spam providers and ISPs.  In addition, we maintain feedback loops for many of the most popular email providers.  For more information on feedback loops and ISPs with whom we have this arrangement, click here. Blacklistings are usually caused by sending mail to a spam trap email address.  For an explanation on what causes blacklisting, click here. When we receive notification of a blacklisting, we react in two ways.  First, we go through the procedures to remove the listing from that blacklist as soon as possible.  Second, we determine (if possible) which of our customers caused the blacklisting and work with them to improve their mailing lists to prevent a reoccurrence in the future.  This is usually a cooperative process, most frequently, a review of mailing policies and strategic pruning of a customer’s lead database will return them to best practices.    
View full article
  Quick points: *Spamtraps are addresses owned by antispam organizations *Emailing a spamtrap (usually) gets your IP or domain blacklisted *Maintain current, direct opt-in with an active lead database to avoid this     What is a spam trap or spamtrap?   A spam trap, or spamtrap is an email address secretly owned by an antispam organization that is used to detect spam. Antispam organizations do not sign up for mailing lists, so they consider any email sent to these addresses to be spam. Once email is sent to the spamtrap, the antispam organization that owns this address will blacklist the IP that sent the email (or, less often, domains that are linked in the message).   Email administrators purchase subscriptions to various blacklists, and use the lists to block all incoming email from listed IPs or containing listed domains. From the marketer’s perspective, this can mean a high number of bounced emails leading to low lead engagement, and ultimately to weak revenue performance.   There are two types of spamtraps – pristine traps, and repurposed/recycled traps. A pristine trap is an email address that was never used by a person. A repurposed trap is an email address that once belonged to someone but is no longer a valid address; these addresses will bounce as bad addresses for at least six months before an antispam organization will turn them into live traps.<   How can a spamtrap get into my Marketo lead database?   Purchased data   Purchased data is unreliable. The antispam world does not like the use of purchased data so antispam administrators have made a concerted effort to get spamtrap addresses into the databases of data vendors. While data vendors may say they provide opt-in data in reality consent should be direct to your company./p> Sending unsolicited email is prohibited by the Marketo Terms of Use because this practice has a high risk of causing blacklist issues that can destroy deliverability for multiple Marketo customers. To avoid spam traps get direct opt-in before sending email. If you have purchased data in the past we recommend setting any inactive purchased leads to marketing suspended or simply removing them from your database. Old data Repurposed traps are email addresses that were once valid but are now owned by an antispam organization. This can happen when a company goes out of business; expired domains are often purchased by antispam organizations. Sometimes a company that has a direct partnership with an antispam organization will allow email addresses of former employees or users to become spamtraps. Because antispam organizations will generally make sure future spam traps return a bounce as bad addresses for at least six months before they become spam traps you can prevent repurposed traps in your database by emailing remaining engaged with everyone in your database at least once every six months. Avoid “wake the dead” campaigns to addresses you have not contacted in more than six months. Unconfirmed form entries People can unintentionally enter spamtrap addresses into forms either by making a typo or by intentionally using a fake email address that happens to be a spamtrap. If you use single opt-in, you may add spamtraps to your mailing list. This is more likely to happen if you are a B2C company or if someone thinks they can get whitepapers or free trials simply by filling out a form with made-up information.   How can I identify spamtrap addresses?   Spamtrap addresses are considered trade secrets by the antispam organizations. They do not share these addresses because their goal is for senders to change their mailing practices rather than to simply remove spamtraps from their mailing lists.   That said, one thing we do know about spamtraps is that they tend to be automated processes and do not engage. Spamtraps do not click links. You can use smart list filters to identify inactive leads in Marketo.   How can I prevent spamtraps in my database? Maintain active, direct opt-in for all leads. Don’t purchase data. (To grow your list, sponsor events, use list rental services that send the first message for you, or use co-branded content that sends you only good leads) Email everyone you want to email at least once every six months Don’t add old data directly to your mailing list. (If you need to, add in small batches and send a welcome email with a slightly different subject to each batch.) Regularly clean your database of inactive leads Grant access to assets such as free trials and whitepapers as email links to discourage intentional use of fake email addresses on forms Use scripting on your forms to identify potential typos
View full article
Overview   A blacklist is a database of IP addresses or domains that have been associated with the sending of unsolicited commercial email or spam.  Internet Service Providers (ISPs) and business email networks use information from blacklists to filter out unwanted email.  As a result there can be a drop in inbox delivery rates or overall delivery rates if the IPs or domains involved with sending email are listed on a blacklist. Marketo’s Email Delivery and Compliance team monitors blacklist activity on our IPs and domains daily. When we are alerted to a listing we reach out to the blacklist, attempt to identify the sender that triggered it, and work with the blacklist organization to get the listing resolved. There are thousands of blacklists out there most will not have a significant impact on your delivery rates. Below we have compiled a list of the blacklists that our customers most commonly encounter. Tier 1 Blacklist Spamhaus Impact: Spamhaus is the only blacklist that we categorize as a tier 1 for a reason: it has by far the greatest impact on delivery of all of the blacklists. It is the most well-respected and widely used blacklist in the world. A listing at Spamhaus will have a negative effect on your ability to deliver emails to your customer’s inbox and can cause bounce rates of over 50%.  Evidence suggests that most of the top North American ISPs use Spamhaus to inform blocking decisions. How it works: Unlike many blacklists, Spamhaus lists senders manually. This means that they are proactively watching sender activity, collecting data, and basing their listings on a number of variables. Most commonly senders are listed for mailing to spam trap addresses that Spamhaus owns. Sometimes Spamhaus will list senders based on recipient feedback as well. Next steps: Our team monitors closely for Spamhaus listings. When we see a listing we immediately alert the customer and contact Spamhaus to start the remediation process. Listings last until Spamhaus is satisfied that the offending sender has taken the appropriate steps to mitigate the problem.   Tier 2 Blacklists SpamCop Impact: SpamCop is not used by any of the major North American ISPs to inform blocking decisions but it makes it to the Tier 2 list because it can have a significant impact on B2B email campaigns. How it works: SpamCop lists IPs for one of two reasons: Either the email hit SpamCop spam trap addresses OR A SpamCop user has reported the email unwanted. Most of SpamCop’s spam traps are previously valid addresses that have not been active for 12 months or longer. Next steps: SpamCop is a dynamic blacklist, listings typically resolve themselves within one business day.  There is no action you will need to take to action the delisting with SpamCop, the Privacy Team researches every SpamCop listing and will request delistings when an alert is received that an IP is listed. If your email activity triggered a SpamCop listing it likely means that you have a list management problem that should be addressed. Manitu Impact: Manitu is a German blacklist and has a wide footprint in Europe.  Email senders with European audiences tend to encounter this blacklist most frequently. Manitu is not used by North American ISPs to inform blacklist decisions but if you’re sending to Europe a listing could be problematic. How it works: Listings are automatically activated when a sender mails to a Manitu owned spam trap address. Next steps: The Privacy Team researches and requests delisting when an alert is received that a Marketo IP is listed.  By working with this blacklist the Privacy Team is usually able to identify the customer and let them know that email activity from their subscription triggered a listing. Because Manitu operates solely on the use of spam trap addresses, getting listed by Manitu is a clear indication that senders need to audit their mailing lists.   Tier 3 Blacklists      SORBS   Impact: The impact of a listing at SORBS is very minimal. How it works: SORBS uses several methods to identify potential spammers. Most of their lists use spam traps to identify problematic senders. But SORBS will also list a sender based on their own user complaints, if SORBS administrators have received spam from the sender, or if they identify other high-level sending behavior patterns characteristic of spammers. Next steps: The Privacy Team monitors SORBS activity and makes delisting requests for Marketo IPs as necessary. Oftentimes, SORBS will refuse to delist within a certain timeframe based on the severity of the issue.  Sometimes this can be up to several weeks.   UCEPROTECT Impact: The impact of a listing at UCEPROTECT is very minimal, though the blacklist has a greater footprint in Europe. The organization does not have a good reputation in the industry because they charge senders to request delisting. How it works: UCEPROTECT lists IPs that send mail to their spam trap addresses. Next steps: We ignore these listings because the only way to have them removed is to pay. The pay-to-delist model is not well respected in the email industry so UCEPROTECT has a very limited reach.   ISP Blacklists   Some ISPs have their own blacklists that they use to inform blocking decisions. A few examples are Comcast and Verizon. If your IP is being blocked by one of these networks, and those networks have a large presence in your lists, a block of this kind could have a noticeable negative impact on delivery. Marketo monitors for this type of ISP specific blacklisting and the the Privacy Team works to resolve these as soon as possible. Usually blocks at Comcast and Verizon are resolved within less than 24 hours of a delisting request.   Additional Resources: Blacklist Deep Dive Abuse Report Deep Dive What is a spamtrap, or spam trap, and why does it matter? Blacklist remediation Blacklist resolution flowchart Successful lead reconfirmation What is a blacklist?
View full article
When someone emails abuse@marketo.com to tell Marketo that they received unsolicited email from one of our customers, the result is called an abuse report.  Instead of just hitting the “Report Spam” button, someone actually took the time to write to our abuse@marketo.com address and explain to us that they never wanted email from the sender.  Because of this direct complaint we take these types of spam reports very seriously. Only about 10% of our customers ever receive any abuse reports at all so it is cause for investigation if you receive one. If you receive notification that someone filed an abuse report against your account review your list management practices. Below are some things to consider: When people sign up to receive emails from you, is it made clear to them that they are giving you permission to email them? Have you recently added any new leads or lead sources? Have you recently added older leads to your database that you have not reached out to in the past 6 months or more? Was there anything about the campaign that was complained about that makes it different from previous campaigns?   In most cases people file these kinds of reports because: They never requested to be on your email list. They did request to be on your email list at some point but have forgotten because they have not heard from you in so long.   The importance of using explicit opt-in in your list building efforts cannot be stressed enough. You should also send to active leads consistently enough that they continue to expect emails from you. The best ways to avoid complaint driven reputation issues is to send to opted-in, engaged recipients. To help with this, a lot of senders clear out their inactive leads every 6 months or so. An inactive lead is a contact that has taken no action in the given time period— they haven't opened an email, clicked a link, visited your webpage, attended a Webinar, and so forth. Inactive leads are a dangerous group to continue mailing to because their behavior proves that they do not want to interact with your mail and will likely complain to Marketo or to their ISPs about it. We have a great resource on how to create a Smart List to remove inactive leads here. If you still need some help, please feel free to reach out to our Support team (support@marketo.com). Additional resources: Abuse Report Deep Dive Blacklist Deep Dive    
View full article
Unfortunately, we can only provide you with whatever information the blacklist provided to us. This information should all be included in the notification email you received from us. If that notification did not contain any information about the email campaign that triggered the blacklist issue, please contact Support.   Additional Resources: Can you give me the spam trap address that triggered the listing? What is a spamtrap, or spam trap, and why does it matter? What is a blacklist? How does Marketo respond to blacklisting and spam notifications? Top blacklists - What you need to know Blacklist Remediation Successful Reconfirmation
View full article
Issue Issue Description An email was sent to leads but immediately returned an 'Email Bounced Soft' Activity Type with the Activity Details stating: 'Details: Empty address: []'   Solution Issue Resolution This is due to a token used in the 'From Address' Field in the Email editor that does not have a valid value or valid default value. For example: {{lead.Partner Email:default=edit me}} The Record's field value for 'Partner Email' is Empty. As there is no value for the record the token would use the default value 'edit me' which is not a valid value. A valid value must be an email string format such as mark@eto.com  
View full article
Issue Is there a limit as to how many domains can be added when adding domains to Marketo Admin > Email > SPF/DKIM     Solution You are able to add as many domains as you wish to the Admin > Email > SPF/DKIM.  The basic requirement is that you have control over the domain DNS.
View full article
Issue You have a lead that is marked as Email Suspended and you are not sure whether they can receive Marketo emails or not. Solution When emails bounce as spam, the lead that bounced is set to "Email Suspended." "Email Suspended" is a historical field.  A more accurate name for this field would probably be "This email was suspended at some point in its history."  The actual suspension only lasts 24 hours. To see if the lead is currently suspended, check the timestamp on the 'Email Suspended' field.  If it is more than 24 hours ago, the lead is not currently suspended and can receive email from your Marketo instance.  However, the "Email Suspended" flag will remain on the lead record for the purposes of future troubleshooting.  It is not possible to set "Email Suspended" to "false" once it has been set to "true."  The "Email Suspended Cause" field will provide the bounce message associated with the most recent spam bounce.    
View full article
Issue You see a soft bounce on a lead and in the details you see it show System send failure: Reply-To address parse error (value of the address) Solution Confirm the tokens you are using are for the proper field and that the value for the field is an email address. The parse error occurs when we cannot generate or create a proper email address in the From Email or the Reply To Email fields. The error will show in the parenthesis the value we tried to put in.. For example Service Department is in the parenthesis, this would be an example of a incorrect field being used.
View full article
Issue Description The exact distinction between the "Email Bounces" and "Email Bounces Soft" filter and trigger is unclear. Issue Resolution The “Email Bounces” trigger or filter will look only at hard bounces, where Marketo received a definitive "No" from the target server. The “Email Bounces Soft” trigger or filter only looks at soft bounces, which occur when we are unable to deliver the email, but did not receive a rejection from the target server. You can use both filters with "OR" logic in order to look at all bounces.
View full article
Issue Description You have a lead that is marked as Email Suspended and you are not sure whether they can receive Marketo emails or not.   Issue Resolution When emails bounce as spam, the lead that bounced is set to "Email Suspended." "Email Suspended" is a historical field.  A more accurate name for this field would probably be "This email was suspended at some point in its history."  The actual suspension only lasts 24 hours. To see if the lead is currently suspended, check the timestamp on the 'Email Suspended' field.  If it is more than 24 hours ago, the lead is not currently suspended and can receive email from your Marketo instance.  However, the "Email Suspended" flag will remain on the lead record for the purposes of future troubleshooting.  It is not possible to set "Email Suspended" to "false" once it has been set to "true."  The "Email Suspended Cause" field will provide the bounce message associated with the most recent spam bounce. Is this article helpful ? YesNo
View full article
Syntax Recommendations Common Look Up mechanisms a: mx: include: ip4: ip6: exists: ptr: all Common Modifiers redirect= exp= An A Record must ALWAYS contain IP address (map host to IP) CNAME (Alias) must contain hostnames. No IPs here NS an MX records must contain host names. No IPs allowed. MX records (for mail servers)  should contain hostnames NOT IPs. Too Many Mechanisms Section 10.1, "Processing Limits" of the SPF RFC 4408 specifies the following in regards to DNS lookups: SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier.  If this number is exceeded during a check, a PermError MUST be returned.  The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit.  The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated. This limit is in place to prevent SPF lookups from being a useful avenue for Denial of Service attacks. Using an example SPF record as an example to illustrate, this record was breaking with 12 look-ups: example.com text = "v=spf1 include:_spf-a.example.com include:_spf-b.example.com include:_spf-c.example.com include:_spf-ssg-a.example.com include:spf-a.anotherexample.com ip4:131.107.115.215 ip4:131.107.115.214 ip4:205.248.106.64 ip4:205.248.106.30 ip4:205.248.106.32 ~all" [ 5 mechanisms] _spf-a.example.com  text = "v=spf1 ip4:216.99.5.67 ip4:216.99.5.68 ip4:202.177.148.100 ip4:203.122.32.250 ip4:202.177.148.110 ip4:213.199.128.139 ip4:213.199.128.145 ip4:207.46.50.72 ip4:207.46.50.82 a:mh.example.m0.net ~all"  [ +1 = 6 mechanisms] mh.example.m0.net a = 209.11.164.116 _spf-b.example.com text = "v=spf1 include:spf.messaging.example.com ip4:207.46.22.35 ip4:207.46.22.98 ip4:207.46.22.101 ip4:131.107.1.27 ip4:131.107.1.17 ip4:131.107.65.22 ip4:131.107.65.131 ip4:131.107.1.101 ip4:131.107.1.102 ip4:217.77.141.52 ip4:217.77.141.59 ~all" [+1 = 7 mechanisms] spf.messaging.example.com text = "v=spf1 include:spfa.anotherexample.com include:spfb.anotherexaple.com include:spfc.anotherexample.com -all"  [+3 = 10 mechanisms] spfa.anotherexample.com  text = "v=spf1 ip4:157.55.116.128/26 ip4:157.55.133.0/24 ip4:157.55.158.0/23 ip4:157.55.234.0/24 ip4:157.56.112.0/24 ip4:157.56.116.0/25 ip4:157.56.120.0/25 ip4:207.46.100.0/24 ip4:207.46.108.0/25 ip4:207.46.163.0/24 ip4:134.170.140.0/24 ip4:157.56.110.0/23 -all" [+0 = 10 mechanisms] spfb.anotherexample.com  text = "v=spf1 ip4:207.46.51.64/26 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:216.32.180.0/23 ip4:64.4.22.64/26 ip4:65.55.83.128/27 ip4:65.55.169.0/24 ip4:65.55.88.0/24 ip4:94.245.120.64/26 ip4:131.107.0.0/16 ip4:157.56.73.0/24 ip4:134.170.132.0/24 -all" [+0 = 10 mechanisms] spfc.anotherexample.com  text = "v=spf1 ip4:207.46.101.128/26 ip6:2a01:111:f400:7c00::/54 ip6:2a01:111:f400:fc00::/54 ip4:157.56.87.192/26 ip4:157.55.40.32/27 ip4:157.56.123.0/27 ip4:157.56.91.0/27 ip4:157.55.206.0/24 ip4:157.55.207.0/24 ip4:157.56.206.0/23 ip4:157.56.208.0/22 -all" [ +0 = 10 mechanisms] _spf-c.example.com  text = "v=spf1 ip4:203.32.4.25 ip4:213.199.138.181 ip4:213.199.138.191 ip4:207.46.52.71 ip4:207.46.52.79 ip4:131.107.1.18 ip4:131.107.1.19 ip4:131.107.1.20 ip4:131.107.1.48 ip4:131.107.1.56 ip4:86.61.88.25 ip4:131.107.1.44 ip4:131.107.1.37 ~all" [+0 = 10 mechanisms] _spf-ssg-a.example.com  text = "v=spf1 include:_spf-ssg-b.example.com include:_spf-ssg-c.example.com ~all"  [+2 = 12 mechanisms] _spf-ssg-b.example.com  text = "v=spf1 ip4:207.68.169.173/30 ip4:207.68.176.1/26 ip4:207.46.132.129/27 ip4:207.68.176.97/27 ip4:65.55.238.129/26 ip4:207.46.222.193/26 ip4:207.46.116.135/29 ip4:65.55.178.129/27 ip4:213.199.161.129/27 ip4:65.55.33.70/28 ~all"  [+0 = 12 mechanisms] _spf-ssg-c.example.com text = "v=spf1 ip4:65.54.121.123/29 ip4:65.55.81.53/28 ip4:65.55.234.192/26 ip4:207.46.200.0/27 ip4:65.55.52.224/27 ip4:94.245.112.10/31 ip4:94.245.112.0/27 ip4:111.221.26.0/27 ip4:207.46.50.221/26 ip4:207.46.50.224 ~all" [+0 = 12 mechanisms] spf-a.secondexample.com  text = "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all" [+0 = 12 mechanisms] Character String Too Long 255 character limitation in a single string https://kb.isc.org/article/AA-00356/0/Can-I-have-a-TXT-or-SPF-record-longer-than-255-characters.html http://www.string-functions.com/length.aspx You may have more than 255 characters of data in a TXT or SPF record, but not more than 255 characters in a single string. If you attempt to create an SPF or TXT record with a long string (>255 characters) in it, BIND will give an error (e.g. "invalid rdata format: ran out of space".)  Strings in SPF and TXT records should be no longer than 255 characters.  However to get around this limitation, per RFC 4408 a TXT or SPF record is allowed to contain multiple strings, which should be concatenated together by the reading application.  In the case of use for SPF (using either TXT or SPF RRs) the strings are concatenated together without spaces as described below.  Reassembly by other applications of multiple strings stored in TXT records might work differently. 3.1.3. Multiple Strings in a Single DNS record As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces. For example: IN TXT "v=spf1 .... first" "second string..." MUST be treated as equivalent to IN TXT "v=spf1 .... firstsecond string..." SPF or TXT records containing multiple strings are useful in constructing records that would exceed the 255-byte maximum length of a string within a single TXT or SPF RR record. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22 ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:94.236.119.0/26  ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all“ text = "v=spf1 ip4:199.15.212.0/22“ " ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24" " ip4:72.32.243.0/24 ip4:94.236.119.0/26" " ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all" Null Records in the SPF Record A record that is NULL or that does not exist will break an SPF record.  Syntax within the record is very important, if there are extra spaces between mechanisms it will count as NULL. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22“ <- accurate text = "v=spf1 ip4: 199.15.212.0/22“ <- NULL (NOTE the space between IP4: and the IP) Repetitive Records in the SPF Record - Void Lookups If there are too many repetitive mechanisms in the SPF record, including records that cascade (for example when using "include:") the record will break. There is a MAX of 2 void look ups in an SPF record.  More than that and the record will break.  This prevents SPF records from being used in Denial of Service style attacks. Validation Tools SPF checker, syntax validator and SPF tester http://www.kitterman.com/spf/validate.html SPF checker http://vamsoft.com/support/tools/spf-policy-tester SPF validator http://vamsoft.com/support/tools/spf-syntax-validator CIDR Calculator http://www.subnet-calculator.com/cidr.php Nslookup http://network-tools.com/nslook/ SPF creation wizard http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ Common SPF errors http://www.openspf.org/FAQ/Common_mistakes SPF syntax definitions http://www.openspf.org/SPF_Record_Syntax
View full article