When I try to create a TXT record using SPF syntax, I get the error ”CharacterStringTooLong (Value is too long) encountered with {Value}". How can I fix this?

Last updated: 2017-03-23

I get the error message ”CharacterStringTooLong (Value is too long) encountered with {Value}" error when I attempt to add a TXT record with SPF format to my domain. How can I resolve this?

Short Description

TXT records have a DNS limitation of 255 bytes; for more information, see RFC 1035 section 2.3.4. SPF records with a string longer than 255 bytes cannot be split into multiple strings because of the SPF format, and you cannot have two SPF TXT values for the same record. Additionally, SPF records have a lookup limit of 10, which includes redirects. For more information, see RFC 4408.

Note: If your record is a standard TXT record (not using SPF format or syntax), see How do I resolve "TXTRDATATooLong" errors when creating a TXT record?

Resolution

As a workaround, you can create multiple records instead of using one.

In this example, we create 2 records that each contain roughly half of the desired record content. You can store some validated IP addresses in a TXT SPF record and then store the rest in a second one. For example, spfva.example.com contains half of the validated IPs/CIDRs, and spfvb.example.com contains the other half. You can use the "include" SPF macro to refer to all the SPF records and then use them in your domain or subdomain as a TXT record only.

Alternatively, you could include 3 records as follows:

spfva.example.com "v=spf1 ip4:1.2.3.4 ip4:5.6.7.8/31 ?all"
spfvb.example.com "v=spf1 ip4:9.10.11.12/21 ip4:13.14.15.16/28 ?all"
"v=spf1 mx include:spfva.example.com include:spfvb.example.com ?all"

Note: The IP addresses, CIDRs, and domains are just examples. Be sure to replace them with your own network settings.

The SPF qualifiers and results include the following:

Qualifier Result
"+" Pass
"-" Fail
"~" SoftFail
"?" Neutral

In this example, we have configured all the records as "Neutral", but different combinations might be necessary for your use case.

Note: The content of an SPF TXT record is not analyzed by Route 53. It's interpreted as plain text like any other TXT record.


Did this article help you?

Anything we could improve?


Need more help?