How to fix SPF record exceeding DNS lookup limit?
Summary
What email marketers say
11 marketer opinions
Marketer from Email Geeks shares a cautionary tale: includes from ESPs can lead to excessive SPF lookups because of the ESPs' own extensive listings.
Email marketer from SuperOffice explains that a properly configured SPF record can improve deliverability and prevent spammers from forging your domain. It's important to keep the record updated and accurate.
Email marketer from dmarcian clarifies that you cannot have multiple SPF records for a single domain. Having multiple SPF records will cause authentication issues, and the best practice is to consolidate all mechanisms into a single record.
Email marketer from MXToolbox suggests testing your SPF record before pushing it live. Their tool will give you warnings and help identify nested includes.
Email marketer from EasyDMARC details that SPF flattening involves resolving all the 'include' statements in your SPF record to their corresponding IP addresses to stay within the DNS lookup limit.
Email marketer from EmailQuestions advises that a possible route is to ask your ESP for dedicated IPs. This avoids shared domains in their includes that might have nested lookups.
Marketer from Email Geeks suggests using a CNAME for SendGrid to reduce the number of SPF lookups, along with removing unnecessary includes as Matt V mentioned, and provides a link to SendGrid documentation.
Email marketer from AuthSMTP explains that the limit exists to prevent denial-of-service attacks and to ensure that SPF checks don't take too long, and suggests removing unnecessary includes and using SPF flattening.
Email marketer from Stack Overflow suggests examining all include statements for nested lookups, notes that third parties often have many, and says combining is one method to get below the limit.
Email marketer from Reddit suggests that if you can't get under the lookup limits, consider setting up a subdomain to send those emails from, and set up a different SPF record that can bypass the limits.
Email marketer from Mailhardener Blog suggests using techniques like SPF flattening, removing unnecessary includes, and using a dedicated sending domain to reduce SPF lookups and stay within the limit.
What the experts say
4 expert opinions
Expert from Email Geeks advises that many includes in the SPF record may not be necessary, suggesting that services like Mailchimp and HubSpot might not be actively used for sending emails from the domain, and therefore can be removed.
Expert from Spam Resource shares tips on optimizing SPF records, including removing unused includes, consolidating multiple includes into a single include where possible, and using IP addresses instead of domain names when appropriate to avoid DNS lookups. They also mention the tool from Word to the Wise for checking.
Expert from Email Geeks identifies the multiple includes in the SPF record for withwayfinder.com that are causing it to exceed the DNS lookup limit of 10, highlighting that the record requires 11 lookups.
Expert from Word to the Wise explains that their authentication tool helps diagnose SPF issues, including identifying nested lookups that contribute to exceeding the limit. The tool will give you a count of lookups.
What the documentation says
5 technical articles
Documentation from OpenSPF specifies that an SPF record is a TXT record that begins with v=spf1. It also details the parameters and how they work in relation to each other.
Documentation from Cloudflare outlines the standard syntax of SPF records and how they work, as well as the most common issues. The most common problem is exceeding the DNS lookup limit of 10.
Documentation from Microsoft states that SPF prevents spoofing and provides the best practices for the creation and maintenance of SPF records and what the limits are. It refers back to RFC 7208.
Documentation from RFC Editor specifies that SPF implementations MUST limit the number of mechanisms and modifiers that cause DNS lookups to at most 10 per SPF check, including any lookups caused directly or indirectly by these mechanisms and modifiers.
Documentation from Google explains that exceeding the limit of 10 DNS lookups can cause SPF checks to fail, and suggests streamlining SPF records and using techniques to minimize lookups for improved email deliverability.
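
As an added example (not code from any of the sources summarized on this page), the sketch below counts the DNS-querying terms in an SPF record against the RFC 7208 limit, following nested includes, and shows the effect of removing an include for a service that no longer sends mail. The zone data, domain names and function names are constructed for illustration. It counts every term in the record (a worst-case count) and ignores macros.

```python
import re

LIMIT = 10  # RFC 7208: at most 10 DNS-querying terms per SPF check
# Terms that cause a DNS query: five mechanisms plus the redirect modifier.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed zone data (domain -> SPF TXT record); every name is a placeholder.
ZONE = {
    "example.test": "v=spf1 include:_spf.esp-a.test include:_spf.esp-b.test "
                    "include:_spf.crm.test a mx ~all",
    "_spf.esp-a.test": "v=spf1 include:_n1.esp-a.test include:_n2.esp-a.test "
                       "include:_n3.esp-a.test ~all",
    "_spf.esp-b.test": "v=spf1 include:_n1.esp-b.test ip4:198.51.100.0/24 ~all",
    "_spf.crm.test": "v=spf1 include:_n1.crm.test include:_n2.crm.test ~all",
}
for leaf in ("_n1.esp-a.test", "_n2.esp-a.test", "_n3.esp-a.test",
             "_n1.esp-b.test", "_n1.crm.test", "_n2.crm.test"):
    ZONE[leaf] = "v=spf1 ip4:192.0.2.0/24 ~all"  # leaf records: IP ranges only

def parse_term(term):
    """Split one SPF term into (name, target); qualifier and CIDR suffix are dropped."""
    m = re.match(r"[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", term.lower())
    return m.group(1), m.group(2)

def count_lookups(domain, zone, seen=frozenset()):
    """Worst-case count of DNS-querying terms for `domain`, nested includes included."""
    if domain in seen:
        raise ValueError(f"include loop at {domain}")
    total = 0
    for term in zone.get(domain, "v=spf1").split()[1:]:  # skip the version tag
        name, target = parse_term(term)
        if name in LOOKUP_TERMS:
            total += 1  # the term itself costs one lookup
        if name in ("include", "redirect") and target:
            total += count_lookups(target, zone, seen | {domain})
    return total

def drop_include(record, target):
    """Return `record` without the include for `target` (a service no longer sending)."""
    return " ".join(t for t in record.split() if parse_term(t) != ("include", target))

if __name__ == "__main__":
    print("before:", count_lookups("example.test", ZONE), "limit:", LIMIT)
    trimmed = dict(ZONE, **{"example.test": drop_include(ZONE["example.test"], "_spf.crm.test")})
    print("after removing unused include:", count_lookups("example.test", trimmed))
```

The ip4 and ip6 mechanisms and the all mechanism add nothing to the count, which is why flattening includes into IP ranges brings a record back under the limit.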