What Does “The DNS Record Type 99 (SPF) Has Been Deprecated” Mean And How To Fix It

Email security and authentication are major concerns for organizations that want to protect themselves from spoofed and phishing emails, or want to enhance the deliverability of their marketing emails. This is why authentication mechanisms such as SPF, DKIM, DMARC, MTA-STS, and BIMI are used.

Configuring these elements can be a bit tricky. If wrongly configured, you could alter the path of the incoming as well as the outgoing emails from your domain (literally!). For those purposes, you may use free third-party tools, like our Email Security & Deliverability Checker, to verify whether your DNS configurations are as they should be. However, one of the common errors that you may encounter while performing the check is:

The DNS record type 99 (SPF) has been deprecated

This error would result in a wrongly configured SPF record, and show that your SPF configuration is not up to normal standards. Some users have also reported seeing this error even after double-checking that the SPF record on their DNS is correctly configured. So why is this error occurring then?

In this post, we will discuss why the error “DNS record type 99 (SPF) has been deprecated” occurs, why the record type was deprecated, and how you can resolve it. But before that, let me give you a little background.

What is the SPF DNS record?

Although I have written a detailed post on SPF and its configuration, just to give you a little background, the Sender Policy Framework (SPF) is a Domain Name System (DNS) record that stores the names of the servers that are allowed to send emails on the domain’s behalf. Servers not on the list are highlighted by the receiving mail server, and then the DMARC policy determines what to do with emails that are not allowed/authenticated.

Before an email is delivered, the mail server fetches the domain in the envelope header, or “return path”, and cross-matches it to the receiving domain’s DNS records. If the name is in the SPF records, the mail will be SPF-authenticated and will have passed “SPF alignment”.

This information about SPF should be sufficient to understand what the “DNS record type 99 (SPF) has been deprecated” error means.

What does “The DNS record type 99 (SPF) has been deprecated” mean?

When saving records on the DNS, you can choose from a variety of types of records. At the moment, you can save a record using one of the following options:

  • A
  • AAAA
  • CAA
  • CNAME
  • DMARC
  • MX
  • SRV
  • TXT

Each of these types serves one or more purposes. For example, an “MX” record can only be used to define a Mail Exchange server, whereas a “TXT” record can be used to define a variety of elements, such as the values for DKIM, DMARC, etc.

The “Type 99 SPF” record was another type of record that you could previously create. As the name suggests, it was used to define SPF records. However, the SPF type was deprecated in 2014, and the Internet Engineering Task Force (IETF) decided to shift to the TXT-type resource record (RR) for SPF entries.

Since the type 99 SPF record has been deprecated, it is no longer available in the list of types of DNS records. However, domains that were configured a long time ago continue to use this record type.

So if you are encountering the “The DNS record type 99 (SPF) has been deprecated” error, it is likely that your DNS still has a record of the old type 99 SPF. Note that if you have an older type 99 SPF record as well as a modern SPF TXT record (type 16), then you may still see the error, but your emails will continue to flow regularly.

Why was the DNS record type 99 SPF deprecated?

The Type 99 (SPF) record was deprecated in April 2014, as per the IETF documentation RFC 7208. The reason for its deprecation was the scarce use of the SPF RR. It was not well received and was barely used. Moreover, the format of this type of RR was identical to that of TXT, causing some confusion.

Because of these reasons, IETF decided to discontinue the type 99 resource record and replace it with the existing TXT record type.

You can read more about the decisions and conclusions behind the deprecation of the type 99 (SPF) record type in the IETF documentation RFC 6686.

Fix the “The DNS record type 99 (SPF) has been deprecated” error

Since the type 99 (SPF) record has been deprecated, it has been replaced by the TXT record, which is also known as the type 16 record. To fix the error, you must first identify and remove the type 99 SPF record from your DNS record, and then replace it with the SPF TXT record.

Use the following step-by-step guide to mitigate the error and get your SPF policy working again:

  1. Log into your DNS as an administrator.

  2. Go to the zone records section.

  3. Look for the “SPF” record in the type category, and then click Delete in front of it.

  4. If asked for confirmation, confirm the deletion of the SPF record.

  5. Once deleted, create a new TXT-type DNS record.

  6. Set the name of the TXT record to your domain name. For example, I would set the following name for the TXT record:

    itechtics.com

  7. Now set the value for the SPF record. It should look something like the following example:

    v=spf1 +a +mx +ip4:[IPAddress] include:[DomainName] ~all

    Learn more about the different mechanisms, qualifiers, and values of the SPF TXT record here.

  8. [Optional] You may adjust the Time To Live (TTL) value, which is actually how long the record will be cached for.

  9. When done, click Save Record.

Once the record is saved, allow some time for the previous record to wear off (depending on how long the TTL was set), and the new SPF record to propagate. Once it does, you can check the updated SPF status using our Email Security & Deliverability Checker tool.
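To see which names in a zone still need the steps above, the check can be run offline against a zone export. The following is an added example, not part of the original post or the checker tool: it assumes a BIND-style text export, uses constructed sample records, and the status labels and function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample zone export (BIND-style presentation format).
# Names and addresses are documentation placeholders, not real data.
SAMPLE_ZONE = """\
example.com.        3600 IN TXT "v=spf1 +a +mx ip4:192.0.2.10 ~all"
example.com.        3600 IN SPF "v=spf1 +a +mx ip4:192.0.2.10 ~all"
legacy.example.com. 3600 IN SPF "v=spf1 ip4:192.0.2.20 ~all"
mail.example.com.   3600 IN TXT "v=spf1 mx ~all"
mail.example.com.   3600 IN TXT "site-verification=constructed-token"
dup.example.com.    3600 IN TXT "v=spf1 a ~all"
dup.example.com.    3600 IN TXT "v=spf1 mx ~all"
"""

# owner [ttl] [class] type rdata; only the three types relevant here are matched.
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(TXT|SPF|TYPE99)\s+(.*)$", re.I)

def is_spf(rdata):
    """True if the joined quoted strings form an SPF policy (RFC 7208 section 4.5)."""
    text = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)).lower()
    return text == "v=spf1" or text.startswith("v=spf1 ")

def audit_spf(zone_text):
    """Map each owner name that publishes SPF data to the action it needs."""
    txt, legacy = defaultdict(int), defaultdict(int)
    for line in zone_text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2).upper(), m.group(3)
        if rtype == "TXT":
            if is_spf(rdata):
                txt[owner] += 1
        else:
            legacy[owner] += 1  # any SPF/TYPE99 record is the deprecated type
    report = {}
    for owner in sorted(set(txt) | set(legacy)):
        if txt[owner] > 1:
            report[owner] = "MULTIPLE_TXT"    # more than one v=spf1 TXT: permerror
        elif legacy[owner] and txt[owner]:
            report[owner] = "DELETE_TYPE99"   # mail still flows; remove the old record
        elif legacy[owner]:
            report[owner] = "MIGRATE"         # only type 99: create the TXT record
        else:
            report[owner] = "OK"
    return report

if __name__ == "__main__":
    for name, status in audit_spf(SAMPLE_ZONE).items():
        print(f"{name:22} {status}")
```

The `MULTIPLE_TXT` case goes slightly beyond the post: RFC 7208 treats more than one `v=spf1` TXT record on the same name as a permanent error, which is easy to cause when recreating the record by hand.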

While performing the steps above, it may be possible that you do not see a type 99 SPF record in your DNS, but the tool still might be throwing the “The DNS record type 99 (SPF) has been deprecated” error. This usually happens when there are some maintenance issues at your service provider’s end. The SPF record may not exist but is still being registered as a legitimate SPF record.

This can be fixed either by the service provider’s support or, if the server still supports it, by creating a new SPF record and then deleting it again. This approach has worked in the past for a few users. You can read more about a similar problem a Cloudflare user experienced here.

Closing words

The “The DNS record type 99 (SPF) has been deprecated” error occurs if your DNS records were configured a long time ago and have not been updated, or there is something wrong with the configuration.

If you are experiencing such an issue, your first step should be to check whether a type 16 SPF TXT record exists. If it does, you can continue to use your domain without experiencing issues. However, if it does not, and only a type 99 SPF record exists, then you should follow the steps given above, remove the existing record, and create a new one.

However, if you cannot find a type 99 RR, then it is best to contact your service provider and raise a ticket with them to mitigate the issue at their end since old SPF type 99 records can still be stuck somewhere within their vast network of servers.

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).
