• Log In
  • Sign Up
  • Contact Us
PowerDMARC
  • Features
    • PowerDMARC
    • Hosted DKIM
    • PowerSPF
    • PowerBIMI
    • PowerMTA-STS
    • PowerTLS-RPT
    • PowerAlerts
  • Services
    • Deployment Services
    • Managed Services
    • Support Services
    • Service Benefits
  • Pricing
  • Power Toolbox
  • Partners
    • Reseller Program
    • MSSP Program
    • Technology Partners
    • Industry Partners
    • Find a partner
    • Become a Partner
  • Resources
    • DMARC: What is it and How does it Work?
    • Datasheets
    • Case Studies
    • DMARC in Your Country
    • DMARC by Industry
    • Support
    • Blog
    • DMARC Training
  • About
    • Our company
    • Clients
    • Contact us
    • Book a demo
    • Events
  • Menu Menu

How to Fix “The DNS record type 99 (SPF) Has Been Deprecated”?

Blogs
The DNS record type 99 SPF Has Been Deprecated

You may have come across an SPF record warning sign saying The DNS record type 99 (SPF) has been deprecated. This is because it was discontinued in 2014. The blog will discuss more on the same. 

The Announcement of the Deprecation of DNS Record Type 99 (SPF)

The SPF development team imposed stricter policies during the initial days. This led to the emergence of the DNS record of type 99 (SPF). However, this SPF record deprecated in April 2014 as per RFC7208.

Presently, all SPF records should be published as a DNS TXT (type 16) Resource Record only.

The Reasons Behind “SPF Record Deprecated”

As per RFC7208 section 3.1, the regulations for assigning new DNS RR types were more uptight during the early development phase as compared to the present scenario. However, DNS servers and provisioning systems didn’t align well with the deployment of those DNS RR types which led to their obsoletion. 

The developers learnt it was more viable to switch to the TXT RR type for SPF implication. Since then the DNS record type 99 (SPF) has been deprecated.

The Impact of the Deprecation on Existing SPF Implementations

Alternatives to SPF for Email Authentication

Sender Policy Framework help email providers verify if a mail server is authorized to send emails from a particular domain. Its alternatives are DKIM and DMARC, however, uptime monitoring services help too. 

  • DKIM authenticates emails using cryptography where digital signatures are added to verify a sender’s legitimacy. It works by adding a signature to the header which is shielded with encryption. All DKIM signatures enclose information that’s used by the recipient’s server to run verification checks.
    The sender’s email server has a private DKIM key which is matched with the other half of the keypair called the public DKIM key. DKIM selector determines where to look for the key, and once it’s found, it’s used to decrypt the DKIM signature.
    The values are compared. If they match, DKIM is valid.
  • DMARC instructs the receiver’s server on how to deal with emails failing SPF and/or DKIM checks. You can choose to set the DMARC policy to none (no action is taken against failed emails), quarantine (failed emails are marked as spam), or reject (failed emails don’t enter the mailbox at all).
    Once you have configured DMARC properly for your domain, you will start receiving reports that you should monitor to detect suspicious activities.
  • Uptime monitoring is an automated method of informing the concerned team when a website goes down during an outage. It uses the same concept for email authentication as well by checking your record at 1-minute intervals 24/7. Authentication record uptime refers to the time that a record is properly configured and updated. The uptime monitor verifies the correctness of email authentication records. It notifies the concerned team if it detects any issues or discrepancies.

Updating SPF Configurations to Align with the Deprecation of DNS Record Type 99

If you are also seeing the DNS record type 99 (SPF) has been deprecated warning, then open the console and select the domain of the SPF record. Copy the values and create a record by choosing TXT as the record type. 

How to Create and Publish an SPF TXT Record?

Safeguard your business reputation by attempting the following steps to create and publish an SPF TXT record:

Step 1: Make a List 

The first step of SPF implementation is enlisting all the IP addresses permitted to send emails using your domain. This includes IP addresses of local networks and devices belonging to your team members, board members, and third-party vendors allowed to send emails on your behalf. Also, consider adding ESPs and in-office mail servers.

Step 2: Create your SPF Record

Once you have gathered the list, create your SPF record. Here’s what you have to do next.

  • Specify the version using the v tag. Currently, there’s only one version, so you should start with v=spf1.
  • This has to be followed by all the IP addresses added to the list created initially. Example: v=spf1 ip4:123.23.456
  • After implementing all the include tags and IP addresses, end your record with ~all, -all, or ?all tag. The -all tag denotes a hard failure, whereas the ~all tag indicates a soft failure. 

Step 3: Publish the Record to DNS 

Your DNS manager is responsible for publishing the SPF record. Now, this could be an internal position or you can raise a request that your DNS provider does it for you.

Once you have published it, ensure using a free SPF record checker by PowerDMARC to have an error-free record.

the dns record type 99 (spf) has been deprecated

  • About
  • Latest Posts
Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
Latest posts by Ahona Rudra (see all)
  • How to Protect Your Passwords from AI - September 20, 2023
  • What are Identity-based Attacks and How to Stop Them? - September 20, 2023
  • What is Continuous Threat Exposure Management (CTEM)? - September 19, 2023
March 9, 2023/by Ahona Rudra
Tags: spf record deprecated, the dns record type 99 (spf) has been deprecated
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on LinkedIn
  • Share by Mail

Secure Your Email

Stop Email Spoofing and Improve Email Deliverability

15-day Free trial!


Categories

  • Blogs
  • News
  • Press Releases

Latest Blogs

  • How-to-protect-your-Password-from-AI
    How to Protect Your Passwords from AISeptember 20, 2023 - 1:12 pm
  • What are Identity-based attacks and how to stop them_
    What are Identity-based Attacks and How to Stop Them?September 20, 2023 - 1:03 pm
  • the dns record type 99 (spf) has been deprecated
    What is Continuous Threat Exposure Management (CTEM)?September 19, 2023 - 11:15 am
  • What-are-DKIM-Replay-Attacks-and-How-to-Protect-Against-Them
    What are DKIM Replay Attacks and How to Protect Against Them?September 5, 2023 - 11:01 am
logo footer powerdmarc
SOC2 GDPR PowerDMARC GDPR comliant crown commercial service
global cyber alliance certified powerdmarc csa

Knowledge

What is Email Authentication?
What is DMARC?
What is DMARC Policy?
What is SPF?
What is DKIM?
What is BIMI?
What is MTA-STS?
What is TLS-RPT?
What is RUA?
What is RUF?
AntiSpam vs DMARC
DMARC Alignment
DMARC Compliance
DMARC Enforcement
BIMI Implementation Guide
Permerror
MTA-STS & TLS-RPT Implementation Guide

Tools

Free DMARC Record Generator
Free DMARC Record Checker
Free SPF Record Generator
Free SPF Record Lookup
Free DKIM Record Generator
Free DKIM Record Lookup
Free BIMI Record Generator
Free BIMI Record Lookup
Free FCrDNS Record Lookup
Free TLS-RPT Record Checker
Free MTA-STS Record Checker
Free TLS-RPT Record Generator

Product

Product Tour
Features
PowerSPF
PowerBIMI
PowerMTA-STS
PowerTLS-RPT
PowerAlerts
API Documentation
Managed Services
Email Spoofing Protection
Brand Protection
Anti Phishing
DMARC for Office365
DMARC for Google Mail GSuite
DMARC for Zimbra
Free DMARC Training

Try Us

Contact Us
Free Trial
Book Demo
Partnership
Pricing
FAQ
Support
Blog
Events
Feature Request
Change Log
System Status

  • Français
  • Dansk
  • Nederlands
  • Deutsch
  • Русский
  • Polski
  • Español
  • Italiano
  • 日本語
  • 中文 (简体)
  • Português
  • Norsk
  • Svenska
  • 한국어
© PowerDMARC is a registered trademark.
  • Twitter
  • Youtube
  • LinkedIn
  • Facebook
  • Instagram
  • Contact us
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Security Policy
  • Compliance
  • GDPR Notice
  • Sitemap
SPF DKIM DMARC: The Foundational Elements of Email AuthenticationSPF DKIM and DMARC The Foundational Elements of Email Authenticationpublish bimi record5 Steps to Create and Publish a BIMI Record
Scroll to top