I am getting an error with SPF record lookups saying "Too many included lookups (X)"

You are reading this article because someone who thinks they know what they are talking about tells you that our DNS system is incorrect and SPF is misconfigured and shows you a MXToolbox report like the example below.



As you can see it's showing an ERROR on the SPF entry, quoting too many lookups.

Is this a false positive?

Possibly Yes. Depending on how you have your SPF setup, ie if you are using many different mail providers like mailgun, zoho etc and you exceed the lookup limit on SPF Standard (which is 10 lookups), then you "may" get this error.

For every entry in the SPF record, unless it's an IP address, the DNS has to do a "DNS lookup" to get the IP of the server. So in general, the SPF standard is limited to 10 lookups, which means if you have many hostnames within your SPF record, the SPF standard will only check the first 10, and then stop. It's limited to avoid too many queries.

MXToolbox’s SPF checker (and many online ones) are not bound by the SPF standard in an equally strict way and unfortunately will over-report the lookups leading to a false positive.

So this leads us onto "SPF Flattening", which is the process of converting hostnames into IP's addresses.

Example of an SPF record BEFORE flattening.

v=spf1 include:_spf.google.com include:mailgun.org include:spf.protection.outlook.com -all

Example of an SPF record AFTER flattening.

v=spf1 ip4:192.168.1.1 ip4:172.217.10.46 ip4:198.51.100.23 ip4:23.251.128.33 ip4:104.47.38.36 ip4:13.111.51.11 -all

However, SPF flattening is not simple to maintain, because some providers switch IP addresses, so you need to be on top of that.

Say hello to Dynamic SPF Flattening.
There are various services online which provide dynamic SPF flattening services. This means that they will detect any changes in the host names and produce a new dynamic file consisting in all the Ip addresses, so there is no need for lookups each time a mail is received.

Key Points to Consider When Flattening SPF Records

1.DNS Query Reduction: Flattening helps to avoid exceeding the 10 DNS lookup limit imposed by the SPF specification.

2.Maintenance Challenges: If any of the included services change their IPs, the SPF record must be updated manually.

3.Use of SPF Flattening Tools: Tools like SPF Flattening Services or online SPF record analyzers can help automate and maintain flattened SPF records.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

SPF Settings for Rackspace Mail

Related Articles: MX Records | DMARC | DKIM | SPF | Autodiscover You are reading this article...

Phishing Emails

You are reading this article because you have received an email and its obviously a phishing...

What is are my server settings for Rackspace Mail?

The following servers and ports are used to send and receive emails via our Rackspace mail...

MX Settings for Rackspace Mail at JUCRA Digital

Related Articles: MX Records | DMARC | DKIM | SPF | AutodiscoverYou are reading this article...

Subfolder Email Trick

This is a great little trick if you want certain emails to bypass your inbox and be sent to an...