The SPF specification limits the number of DNS lookups to 10. This limit helps reduce the amount of resources used by mailbox providers when checking SPF records. If this number is exceeded during a check, a PermError MUST be returned.
This limit is in place to prevent SPF lookups from being a useful avenue for Denial of Service attacks.
There are different ways you can avoid reaching the 10 DNS lookup limit. Here are some common practices:
- Avoid unnecessary include statements
- Use ip4 and ip6 mechanisms
- Remove mechanisms that resolve to the same domain
- Avoid ptr mechanisms (The ptr mechanism is a type of DNS record that resolves an IP address to a domain or hostname).
- Remove legacy partner and vendor domains
Please follow this webpage to check your domain's SPF setup: https://emailstuff.org/spf
Comments
0 comments
Please sign in to leave a comment.