Removing SPF Resource Records

With the creation of RFC 4408 also new a record type 99 for DNS was created to identify SPF Resource Records. It was advised to have both TXT and SPF records in DNS with the same content.  RFC 4408 was obsoleted by RFC 7208 in 2014 with paragraph 3.1 stating the following:

SPF records MUST be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035] only.  The character content of the record is encoded as [US-ASCII].  Use of alternative DNS RR types was supported in SPF's experimental phase but has been discontinued.

Now that the SPF Resource Record has been discontinued for  a while, the time has come to remove it from DNS (if not done already) and make sure it never comes back. Luckily most code libaries already preferred the TXT variant, but still this is one to put on the maintenance checklist to remove it for any application code and/or infrastructure.

Published by Hans Spaans

Unix & security consultant with a passion for Linux, Solaris, PostgreSQL, Perl and network services, but also a strong believer in open and free source, standards and content.