Funny situation, and I'm not sure if this is my fault or Google's.
I have a domain, example.com, which has 2 subdomains: main.example.com and spf.example.com. For the main.example.com domain, my TXT record used to be defined as: v=spf1 redirect=example.com with the relevant TXT for example.com defined.
For various reasons, I decided to create a "main" TXT SPF for spf.example.com, and redirect there. Please note that SOA and NS exist only for example.com. I changed the main.example.com TXT to read v=spf1 redirect=spf.example.com and Google (according to the DMARC report) does not see the SPF record anymore. Yahoo and Microsoft do.
So I ran a second test: created backup.example.com, sent a few emails without a TXT SPF defined, and the DMARC reports from all of Yahoo, MS and Google reflect that there's no TXT SPF. Defined the TXT as v=spf1 redirect=spf.example.com and bam, MS and Yahoo noticed that, while Google still did not.
Any explanation except for "Google mail software sucks"?
As I understood it, the value in your redirect records looks as follows:
There are two problems that I immediately notice:
- ) without any mechanism, ie the record appears to be syntactically incorrect.
- redirect is used, but it's not the last entry in the record.
Both of these are problematic as the spec tries to ensure that the record should actually be understood before it's acted upon:
From the Record Evaluation section of the SPF spec (emphasis added):
From the redirect section of the SPF spec (emphasis added):
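
Added example, not part of the original answer: a small Python linter for the two problems the answer names (a qualifier with no mechanism, and redirect not being the last term), plus two related redirect cases (a repeated redirect, and redirect alongside all). The term grammar is simplified, the function names lint_spf and syntax_result are made up for this example, and the sample records are constructed, since the poster's own record is not shown on the page.

```python
import re

# Simplified RFC 7208 term grammar: no macros, no strict domain-spec checks.
MECHANISM = re.compile(
    r"^[+\-~?]?(all|include|a|mx|ptr|ip4|ip6|exists)([:/].*)?$", re.I)
MODIFIER = re.compile(r"^([a-z][a-z0-9_.\-]*)=(.*)$", re.I)

# Constructed sample records; the poster's own record is not shown on the page.
SAMPLES = ["v=spf1 redirect=spf.example.com",
           "v=spf1 redirect=spf.example.com ~",
           "v=spf1 redirect=spf.example.com ip4:192.0.2.10"]


def lint_spf(record):
    """Return (errors, warnings) for a single SPF TXT record string."""
    errors, warnings = [], []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["missing v=spf1 version term"], warnings
    terms, counts, has_all = terms[1:], {"redirect": 0, "exp": 0}, False
    for pos, term in enumerate(terms):
        mod = MODIFIER.match(term)
        if mod:
            name = mod.group(1).lower()
            if name in counts:
                counts[name] += 1
                if counts[name] > 1:
                    errors.append(f"{name} appears more than once")
            if name == "redirect" and pos != len(terms) - 1:
                warnings.append("redirect is not the last term")
        elif MECHANISM.match(term):
            has_all = has_all or term.lstrip("+-~?").lower() == "all"
        elif term in ("+", "-", "~", "?"):
            errors.append(f"qualifier {term!r} has no mechanism")
        else:
            errors.append(f"unrecognised term {term!r}")
    if has_all and counts["redirect"]:
        warnings.append("redirect is ignored because 'all' is present")
    return errors, warnings


def syntax_result(record):
    """A syntax error anywhere yields permerror before any evaluation."""
    return "permerror" if lint_spf(record)[0] else "ok"


if __name__ == "__main__":
    for rec in SAMPLES:
        print(syntax_result(rec), lint_spf(rec), rec)
```

A receiver that validates the whole record before evaluating it reports the second sample as a permerror, while a more lenient parser may follow the redirect anyway.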