I successfully created an Amazon Route 53 SPF record that seems to resolve correctly, but my mail providers are not able to identify it, or SPF validation is not working properly. The SPF value is not found by SPF checkers/testers. How can I resolve this issue?

Although the SPF record seems to be working correctly, some tools might indicate that the SPF record doesn't exist. With most providers, the SPF configuration is not applied because the dedicated SPF record type was deprecated in April 2014.

RFC 7208 states "SPF records MUST be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035] only. The character content of the record is encoded as [US-ASCII]. Use of alternative DNS RR types was supported in SPF's experimental phase but has been discontinued." For more information, see section 14.1, The SPF DNS Record Type.

Route 53 offers this record type as an available option mostly to maintain compatibility with BIND imports.

To resolve this issue, create a TXT record with the same content as the SPF record:

  1. From the Route 53 Console, choose Hosted zones, and then select the Domain Name that you want to create the SPF record set for.
  2. Copy the value of the SPF record and then choose Create Record Set.
  3. In the Name field, enter a name of your choice.
  4. For Type, choose TXT - Text.
  5. In the Value field, paste the contents of the SPF record from step 2, and then choose Create.

Mail providers should now be able to identify the TXT record. For more information, see SPF Format.

Note: The SPF record can be deleted after the TXT record is created.
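The same fix expressed as data, as an added example that is not AWS's own code: it takes record sets in the shape returned by the Route 53 ListResourceRecordSets API and builds a ChangeBatch that copies each SPF-type policy into a TXT record set. It assumes the TXT record is published at the same name as the existing SPF record set; the function names and the sample zone are hypothetical.

```python
def is_spf_value(value):
    # Route 53 stores TXT and SPF values as quoted strings: '"v=spf1 -all"'.
    text = value.strip().strip('"').lower()
    return text == "v=spf1" or text.startswith("v=spf1 ")


def build_txt_changes(record_sets):
    """Return a ChangeBatch mirroring SPF-type sets into TXT, or None if nothing to do."""
    txt_by_name = {r["Name"].lower(): r for r in record_sets if r["Type"] == "TXT"}
    changes = []
    for rr in record_sets:
        if rr["Type"] != "SPF":
            continue
        policies = [v["Value"] for v in rr.get("ResourceRecords", []) if is_spf_value(v["Value"])]
        existing = txt_by_name.get(rr["Name"].lower())
        current = [v["Value"] for v in existing.get("ResourceRecords", [])] if existing else []
        if not policies or any(is_spf_value(v) for v in current):
            continue  # nothing to copy, or TXT already has a policy (two would be a permerror)
        changes.append({
            "Action": "UPSERT",  # UPSERT replaces the whole set, so keep unrelated TXT values
            "ResourceRecordSet": {
                "Name": rr["Name"],
                "Type": "TXT",
                "TTL": existing["TTL"] if existing else rr["TTL"],
                "ResourceRecords": [{"Value": v} for v in current + policies],
            },
        })
    if not changes:
        return None
    return {"Comment": "Publish SPF policy as TXT (RFC 7208)", "Changes": changes}


# Constructed sample zone; example.com and all values are placeholders.
SAMPLE_ZONE = [
    {"Name": "example.com.", "Type": "SPF", "TTL": 300,
     "ResourceRecords": [{"Value": '"v=spf1 ip4:192.0.2.0/24 -all"'}]},
    {"Name": "example.com.", "Type": "TXT", "TTL": 600,
     "ResourceRecords": [{"Value": '"site-verification=constructed-token"'}]},
    {"Name": "mail.example.com.", "Type": "SPF", "TTL": 300,
     "ResourceRecords": [{"Value": '"v=spf1 mx -all"'}]},
    {"Name": "mail.example.com.", "Type": "TXT", "TTL": 300,
     "ResourceRecords": [{"Value": '"v=spf1 mx -all"'}]},
    {"Name": "news.example.com.", "Type": "SPF", "TTL": 900,
     "ResourceRecords": [{"Value": '"v=spf1 -all"'}]},
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_txt_changes(SAMPLE_ZONE), indent=2))
```

The returned dictionary can be passed as the `ChangeBatch` argument of the boto3 `change_resource_record_sets` call for the hosted zone.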


Published: 2017-03-03