You are reading this article because someone who thinks they know what they are talking about tells you that our DNS system is incorrect and SPF is misconfigured and shows you a MXToolbox report like the example below.
As you can see it's showing an ERROR on the SPF entry, quoting too many lookups.
Is this a false positive?
Possibly Yes. Depending on how you have your SPF setup, ie if you are using many different mail providers like mailgun, zoho etc and you exceed the lookup limit on SPF Standard (which is 10 lookups), then you "may" get this error.
For every entry in the SPF record, unless it's an IP address, the DNS has to do a "DNS lookup" to get the IP of the server. So in general, the SPF standard is limited to 10 lookups, which means if you have many hostnames within your SPF record, the SPF standard will only check the first 10, and then stop. It's limited to avoid too many queries.
MXToolbox’s SPF checker (and many online ones) are not bound by the SPF standard in an equally strict way and unfortunately will over-report the lookups leading to a false positive.
So this leads us onto "SPF Flattening", which is the process of converting hostnames into IP's addresses.
Example of an SPF record BEFORE flattening.
v=spf1 include:_spf.google.com include:mailgun.org include:spf.protection.outlook.com -all
Example of an SPF record AFTER flattening.
v=spf1 ip4:192.168.1.1 ip4:172.217.10.46 ip4:198.51.100.23 ip4:23.251.128.33 ip4:104.47.38.36 ip4:13.111.51.11 -all
However, SPF flattening is not simple to maintain, because some providers switch IP addresses, so you need to be on top of that.
Say hello to Dynamic SPF Flattening.
There are various services online which provide dynamic SPF flattening services. This means that they will detect any changes in the host names and produce a new dynamic file consisting in all the Ip addresses, so there is no need for lookups each time a mail is received.
Key Points to Consider When Flattening SPF Records
1.DNS Query Reduction: Flattening helps to avoid exceeding the 10 DNS lookup limit imposed by the SPF specification.
2.Maintenance Challenges: If any of the included services change their IPs, the SPF record must be updated manually.
3.Use of SPF Flattening Tools: Tools like SPF Flattening Services or online SPF record analyzers can help automate and maintain flattened SPF records.