SPF – Invalid include policy syntax

What this means

Your SPF record has an include statement in it, which points to a record elsewhere, which has an invalid policy syntax.

This may be caused by the presence of incorrect symbols or typographical errors.

Why this is a problem

If an include record contains an invalid syntax, it may cause SPF processing to fail.

Email delivery which relies on passing SPF checks successfully may not be delivered successfully to intended recipients. 

In addition, this could increase the chances of unauthorised emails being sent from your domain name.

How to check if the problem is there

Perform an iterative TXT lookup for every include contained in your SPF record. 

For example, if your SPF record contains the following

v=spf1 mx include:spf.example.gov.uk include:servers.example.com -all

Perform a TXT lookup for:

• spf.example.gov.uk 
• servers.example.com

Verify that the record has a valid SPF syntax. Check especially at the beginning and the end, to ensure that it is formatted correctly and that there are no incorrect characters.

You might want to check the issue by using National Cyber Security Centre’s (NCSC) check your email security tool or Hardenize’s domain report tool.

How to fix this

This issue will need to be fixed on the SPF record referenced in the include statement.

If you host the affected SPF record, amend this so that it is formatted correctly and only contains valid characters and statements. 

Pay particular attention to special characters which may have been modified if you have copied and pasted the record from elsewhere.

If you are not in control of the SPF record, you will need to inform the third-party to resolve and correct the issue.

If you no longer need to include the SPF record in question. Remove the include from your SPF record.