How Manny DNS lookup for SPF

m.alles@belastingdienst.nl · ‎12-28-2020

Hello,

Who knows how much DNS lookup does for an SPF lookup.

I have received an mail and the SPF lookup had the status of permerror.

I have tested the SPF record on different website and they co with the note that the record have more than 10 dns lookups.

The IP adres from de sender of the mail was foud in lookup 11 if i check the spf record on dmarcanalyzer.

M. Alles

Uwe Schneider · ‎12-29-2020

Hello,

there is a SPF 10 DNS lookup limit defined in RFC 4408, 10.1 Processing Limits and RFC 7208, 4.6.4. DNS Lookup Limits.

Hints for SPF RR optimizations are found in mentioned RFC's and under the keyword 'Flatten SPF Records'.

Uwe

charella · ‎12-31-2020

Hello m.alles@belastingdienst.nl

This simple article explains the 10 lookup limit.
https://help.returnpath.com/hc/en-us/articles/222479888-How-can-I-avoid-SPF-failures-if-I-am-reaching-the-DNS-lookup-limit-

Perform a lookup > dig cisco.com txt
Any of the below mechanisms would require a dns lookup.

* include
* a
* mx
* ptr (do not use)
* exists
* redirect

This site will break down the embedded spf lookups for a domain.

https://www.dmarcanalyzer.com/spf/checker/

If it’s not your domain, the best you can do is try to bring it to the attention of the domain admin.
If it is yours you can replace some of the less complex dns lookups with ip for instance. It would make the spf look a little messy but reduce the dns queries.

Happy New Year!

Chris A.

m.alles@belastingdienst.nl · ‎01-04-2021

Hello,

Thanks for all the answers. It is not my domain. i contact the owner of the domain.