Solve SPF “Too Many DNS Lookups” issue causing “Permerror”

Automatically Authorize Your Email Sending Sources.

Request a demo

“Too Many DNS Lookups” Problem And SPF 10 
DNS Lookup Limitation

Most companies use multiple email service providers and every provider requires its own email authentication configurations. If the provider supports SPF authentication, then you must include their SPF mechanism into your domain’s SPF record. However, this can quickly breach the 10 DNS lookup limit and cause “permerror” results. SPF “permerror” result means the domain’s published records can not be correctly interpreted and the domain’s owner must take action to solve the issue.

To reduce the number of DNS lookups, you have to replace the elements causing additional DNS lookups (“a”, “mx”, “ptr”, “exists”, “redirect” and “include”), with the elements not causing any lookup (“ip4” and “ip6”). That process is also called SPF flattening.

easy spf


Included records can be changed over time

SPF flattening is not a one time task. You need to always be aware of any changes that could be made by email service providers in their SPF, which you include in your SPF record, and update your flattened SPF record accordingly. If you use multiple email service providers, then flattening the SPF record every time is even harder and error-prone.

SPF TXT record’s 512 bytes limitation related to UDP packet size

SPF’s TXT record can’t have infinite length. So if flattened SPF record has more than 460 symbols, the record must be split into multiple SPF record chunks and be managed separately.

SPF flattening with nested includes can exceed 10 DNS lookup limitation

Even with 512-byte flattened SPF record chunks, you can exceed 10 DNS lookup limitation. So you need to include SPF macroses instead of single IP and IP ranges in SPF record.

Dmarc “quarantine” and ”reject” Policy Rejects
Unauthenticated But Legitimate Emails

When deploying DMARC your goal is to correctly identify existing email authentication issues, fix SPF/DKIM and reach “quarantine” or “reject” policy. However, after moving to quarantine/reject policy, new legitimate email sending sources can appear out of your control (e.g. newly hired marketing person decides to use another and more familiar product for email marketing). You will “lose” all emails sent from the new sending source and waste money. To minimize the loss, you need to be informed and react to new changes as soon as possible.

Benefits of using EasySPF

Overcome “Too many DNS lookups” issue

causing "permerror" result by optimizing your SPF record

Repair your SPF record

causing SPF permanent errors ("permerror")

Add, remove, update lots of email service providers

without being concerned about SPF 10 DNS lookup limitation

Mitigate and avoid outgoing emails’ loss

by automatically authorizing new email sending sources even when
your DMARC policy is "quarantine" or "reject"