What is a recommended TTL for SPF/DKIM/DMARC records?
Authentication record TTL recommendations:
SPF:
Normal: 3600-86400 seconds
During changes: 300-600 seconds
SPF rarely changes for stable setups.
DKIM:
Normal: 3600-86400 seconds
Key rotation: Lower TTL before, during, after rotation
Longer TTL is fine since selectors change rather than records being modified.
DMARC:
Normal: 3600-86400 seconds
Policy changes: Lower temporarily
Especially when moving from none to quarantine to reject.
Standard approach: 3600 seconds provides good balance for most situations.
Credential validity periods. Stable credentials can have longer validity.
Was this answer helpful?
Thanks for your feedback!