Solve SPF “Too Many DNS Lookups” issue causing “Permerror”
Automatically Authorize Your Email Sending Sources.Request a demo
“Too Many DNS Lookups” Problem And SPF 10
DNS Lookup Limitation
Most companies use multiple email service providers and every provider requires its own email authentication configurations. If the provider supports SPF authentication, then you must include their SPF mechanism into your domain’s SPF record. However, this can quickly breach the 10 DNS lookup limit and cause “permerror” results. SPF “permerror” result means the domain’s published records can not be correctly interpreted and the domain’s owner must take action to solve the issue.
To reduce the number of DNS lookups, you have to replace the elements causing additional DNS lookups (“a”, “mx”, “ptr”, “exists”, “redirect” and “include”), with the elements not causing any lookup (“ip4” and “ip6”). That process is also called SPF flattening.
THE PROBLEMS WITH SPF FLATTENING
Included records can be changed over time
SPF flattening is not a one time task. You need to always be aware of any changes that could be made by email service providers in their SPF, which you include in your SPF record, and update your flattened SPF record accordingly. If you use multiple email service providers, then flattening the SPF record every time is even harder and error-prone.
SPF TXT record’s 512 bytes limitation related to UDP packet size
SPF’s TXT record can’t have infinite length. So if flattened SPF record has more than 460 symbols, the record must be split into multiple SPF record chunks and be managed separately.
SPF flattening with nested includes can exceed 10 DNS lookup limitation
Even with 512-byte flattened SPF record chunks, you can exceed 10 DNS lookup limitation. So you need to include SPF macroses instead of single IP and IP ranges in SPF record.
Dmarc “quarantine” and ”reject” Policy Rejects
Unauthenticated But Legitimate Emails
When deploying DMARC your goal is to correctly identify existing email authentication issues, fix SPF/DKIM and reach “quarantine” or “reject” policy. However, after moving to quarantine/reject policy, new legitimate email sending sources can appear out of your control (e.g. newly hired marketing person decides to use another and more familiar product for email marketing). You will “lose” all emails sent from the new sending source and waste money. To minimize the loss, you need to be informed and react to new changes as soon as possible.
WHAT WE OFFER
Benefits of using EasySPF
Overcome “Too many DNS lookups” issue
causing "permerror" result by optimizing your SPF record
Repair your SPF record
causing SPF permanent errors ("permerror")
Add, remove, update lots of email service providers
without being concerned about SPF 10 DNS lookup limitation
Mitigate and avoid outgoing emails’ loss
by automatically authorizing new email sending sources even when
your DMARC policy is "quarantine" or "reject"