cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2307
Views
15
Helpful
3
Replies

How Manny DNS lookup for SPF

Hello,

Who knows how much DNS lookup does for an SPF lookup.

I have received an mail and the SPF lookup had the status of permerror.

I have tested the SPF record on different website and they co  with the note that the record have more than 10 dns lookups.

The IP adres from de sender of the mail was foud in lookup 11 if i check the spf record on dmarcanalyzer.

 

M. Alles

3 Replies 3

Uwe Schneider
Level 1
Level 1

Hello,

 

there is a SPF 10 DNS lookup limit defined in RFC 4408, 10.1 Processing Limits and RFC 7208, 4.6.4. DNS Lookup Limits.

 

Hints for SPF RR optimizations are found in mentioned RFC's and under the keyword 'Flatten SPF Records'.

 

Uwe

Hello m.alles@belastingdienst.nl

This simple article explains the 10 lookup limit.
https://help.returnpath.com/hc/en-us/articles/222479888-How-can-I-avoid-SPF-failures-if-I-am-reaching-the-DNS-lookup-limit-


Perform a lookup > dig cisco.com txt
Any of the below mechanisms would require a dns lookup.

* include
* a
* mx
* ptr (do not use)
* exists
* redirect

This site will break down the embedded spf lookups for a domain.

https://www.dmarcanalyzer.com/spf/checker/

If it’s not your domain, the best you can do is try to bring it to the attention of the domain admin.
If it is yours you can replace some of the less complex dns lookups with ip for instance. It would make the spf look a little messy but reduce the dns queries.

Happy New Year!

Chris A.



Hello,

Thanks for all the answers. It is not my domain. i contact the owner of the domain.