Forum Discussion
Record contains too many lookups (SPF Records)
Jeff Harlow Jeff we had similar issues as you and found that we had to 'flatten' our SPF records. What we ended up doing was creating multiple txt records in DNS for this. We started with the original txt entry with the domain name, and then added spf1 and spf2 txt records. Inside the main record you then reference these other two records. The biggest issue becomes the domain names which count toward your total of 10. In our case we used the SPF survey site listed below which helps to flatten your records by using IP address ranges.
Our Main SPF Record:
v=spf1 include:spf.protection.outlook.com include:spf.somesite.net include:anotherSite.com include:spf1.ourDomainName.com include:spf2.ourDomainName.com ~all
SPF1 and SPF2 would look like this with all IP's. We got these ranges with the help of the Dmarcian site
SPF1
v=spf1 ip4:1.2.3.4/20 ip4:9.8.7.6/28 ip4:1.2.3.4/20 ip4:9.8.7.6/28 ip4:1.2.3.4/20 ip4:9.8.7.6/28
SPF2
v=spf1 ip4:1.2.3.4/20 ip4:9.8.7.6/28 ip4:1.2.3.4/20 ip4:9.8.7.6/28 ip4:1.2.3.4/20 ip4:9.8.7.6/28
- Jeff HarlowApr 09, 2019Iron Contributor
DougBartley Wouldnt flattening the IPs cause issues in the future when IP addresses change? DNS would seem like it would be better to manage. Servers can often change IP addresses and that information does not always get reported back from a vendor to a client.
- invidiaMay 19, 2019Copper Contributor
DougBartley Thanks! Used https://dmarcian.com/spf-survey/ to flatten SPF into three TXT records and worked perfectly. Have tested all third-party email sending platforms we use with our domain using http://tools.bevhost.com/spf/ and SPF is reporting pass on all, including for Office 365 (previously using include:spf.protection.outlook.com). Now on to using dmarcian to configure and transition to full DMARC!