SPF record length cap #8

Open
razgrim opened this issue Sep 10, 2020 · 3 comments

Comments


razgrim commented Sep 10, 2020

Hiya, been using this application for our business. Works great. We found that some vendors experienced problems with SPF records exceeding the character max of 255, which most entries generated by spflat appear to do.
spflat should probably cap generated record lengths at 255 chars.

Owner

cetanu commented Sep 10, 2020

Hello! Glad to hear it's working well so far.

I think what you may be referring to is due to this:
https://github.com/cetanu/sender_policy_flattener/blob/master/sender_policy_flattener/formatting.py#L76

I think this attempts to keep the spf record size under 500 bytes including tokens like v=spf1 include=... etc.
Is that what you're observing?
I could make this configurable via a CLI parameter if so.

Author

razgrim commented Sep 11, 2020

Ahhh thanks for pointing that out! I'll apply the cap there for now.
Apparently Atlassian (Confluence, JIRA, etc.) use this "PowerDNS" application which, they've claimed, has trouble with these TXT records exceeding 255 chars (thinking RFC 4408 3.1.3). So feeling this is more a their-side failure.
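
RFC 4408 section 3.1.3, cited in the comment above, lets one TXT record carry several strings that the verifier concatenates without adding spaces; each string is limited to 255 octets by its one-byte length prefix. The following is an added example, not code from sender_policy_flattener or from either commenter: `split_txt`, `to_rdata`, `from_rdata` and the `SAMPLE` record are hypothetical names and constructed data.

```python
MAX_STRING = 255  # a DNS <character-string> has a one-byte length prefix

# Constructed sample: a flattened SPF record of 601 characters.
SAMPLE = "v=spf1 " + " ".join("ip4:192.0.2.%d" % i for i in range(40)) + " -all"


def split_txt(record, limit=MAX_STRING):
    """Split an SPF record into strings of at most `limit` octets.

    Breaks fall between terms. The separating space is kept at the start of
    the next string, because the verifier adds none when concatenating.
    """
    chunks, current = [], b""
    for i, term in enumerate(record.split(" ")):
        piece = term.encode("ascii") if i == 0 else b" " + term.encode("ascii")
        if len(piece) > limit:
            raise ValueError("single term exceeds %d octets" % limit)
        if len(current) + len(piece) > limit:
            chunks.append(current)
            current = piece
        else:
            current += piece
    if current:
        chunks.append(current)
    return chunks


def to_rdata(chunks):
    """Encode strings as TXT RDATA: each one prefixed by its length octet."""
    return b"".join(bytes([len(c)]) + c for c in chunks)


def from_rdata(rdata):
    """Verifier side: walk the length-prefixed strings and join them as-is."""
    parts, pos = [], 0
    while pos < len(rdata):
        n = rdata[pos]
        if pos + 1 + n > len(rdata):
            raise ValueError("truncated character-string in RDATA")
        parts.append(rdata[pos + 1:pos + 1 + n])
        pos += 1 + n
    return b"".join(parts).decode("ascii")


if __name__ == "__main__":
    strings = split_txt(SAMPLE)
    print([len(s) for s in strings])
    print(from_rdata(to_rdata(strings)) == SAMPLE)
```

A resolver or parser that reads only the first string, or that rejects TXT data longer than 255 octets in total, will see a truncated or missing policy for a record like this one.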

Owner

cetanu commented Sep 28, 2020

Hey there @razgrim, sorry it's been a while since I responded.

I had to do a bunch of digging around for this, because as it turns out, I actually work on the same team that manages the PowerDNS recursors responsible for this problem! We've come full circle 😆

I actually wrote this script years before joining Atlassian.

Anyway, back to actually solving this... I think I can add a little config to PowerDNS that will offload resolution of your domain to a resolver that is better able to handle parsing those TXT records.
I'm waiting on another change to go through before I can start testing to see if my idea is going to work here.
