SPF but did not search

Hi, I’m getting a message that says “The number of lookups on your SPF record exceed the allowed limit of 10. This will result in emails failing SPF authentication.”

What should I do? Can someone help me please?

Thank you

You can view the ‘additional lookups’ with SPF record Checker | SPF record Tester - Mimecast | DMARC Analyzer but if it goes over 10 records then you need to contact your mail provider to get that fixed.

What about not using the deprecated SPF record and using TXT instead?

You should put it in a TXT record yes, but that won’t solve the 10+ lookups issue.

1 Like

Your current SPF record includes four provider records

v=spf1 include:_spf.google.com include:sent-via.netsuite.com include:squarespace-mail.com include:stripe.com ~all

Each of these providers then has additional include directives. Are you really sending from all these networks?

Google, Netsuite, Squarespace, and Stripe… yep, using all four. And some emails are getting flagged (from Netsuite).

Maybe try to “resolve” the includes manually and add them to your SPF record. Of course, you’ll have to manually verify them. Right now you simply run into that resolution limit.

I suspect you are not including the correct provider SPF records. For example, the stripe.com include alone is 10 lookups, which means that it could never be used as an include as you would immediately have 11 lookups by just including that record.

There are ways to manually compress an SPF record. Check out the Dmarcian example:

1 Like

Can someone tell me what happens if I do nothing?

Your SPF record will only partially work, because some servers will skip it and might not validate emails.

1 Like

Does anyone know if this is what’s causing a DNS error on my Squarespace site?

Not sure why it’s saying my settings are with Network Solutions… my domain is through google domains with Cloudflare DNS

Shouldn’t be. That message is presumably not referring to SPF, you best ask them why they can’t verify it. Maybe because of proxied records.

1 Like

Yea I opened a ticket there. Thanks

Typically this is for proxied records, so maybe unproxy the records in question and check if they can verify it then.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.