Try for free!
We’re hiring! | Login
DMARC knowledge center
Questions about DMARC? Search our docs

Categories

Popular

Recent Posts

Email authentication

Multiple SPF records/entries the complete guide

A domain name can’t have multiple SPF records. If you would like to add more sources (for more applications) you’ll need to update the existing record or (if the record does not exist yet) create a new record with multiple entries.

How to create an SPF record with multiple sources

You can add multiple sources to an SPF record. The total length of the record however cannot be longer than 255 characters.

Example of an SPF record with multiple entries

domain.com TXT
v=spf1 a mx a:mail.domain.com a:mail.domain.ie a:server5.somedomain.com -all

If you need to create a record that exceeds the maximum of 255 characters, you will have to create multiple SPF records by adding them to subdomains which you include in the main domain record. This is shown in the example below:

  1. Subdomain 1 
    spf1.testdomain.com TXT
v=spf1 a mx a:mail.domain.com a:mail.domain.ie a:server5.somedomain.com -all
  2. Subdomain 2 
    spf2.testdomain.com TXT
v=spf1 server7.somedomain.com mx:server95.somedomain.com include:thatdomain.com -all
  3. Subdomain 3 
    spf3.testdomain.com TXT
v=spf1 ip4:192.168.0.1 ip4:192.168.0.2 -all
  4. Then amend the initial SPF as follows: 
    testdomain.com TXT
v=spf1 include:spf1.sampledomain.com include:spf2.sampledomain.com include:spf3.sampledomain.com -all"

What does ‘Maximum lookups exceeded’ mean?

SPF records only allow 10 ‘lookups’ to reduce the load on the email receivers side. The following mechanisms count as lookups:

  • a
  • mx
  • include
  • require
  • ptr

 
The ‘nested’ lookups also count. If you exceed this threshold, the items after the 10th lookup may (/probably will) not count as valid SPF sources.

Reduce the number of lookups

The number of SPF lookups can be reduced by:

  • Cleaning up your record: Sometimes there are duplicate mechanisms in the record (for instance an MX record to Google Apps and an include from Google SPF)
  • Use subdomains for specific email flows. If you set up a subdomain for specific flows you get another 10 lookups for the SPF record for that subdomain.
  • Check if you’re using the correct included domains. Some third-party senders change their usage of SPF every now and then. Perhaps you’re using an old setup which leads to additional included domains (perhaps an include which is redirected to a new URL)
  • Use SPF macros (advanced)

 

Too many SPF lookups? Use DNS delegation

Use the SPF record checker in order to check how many lookups are included within a specific SPF record. If there are too many SPF lookups you can use the SPF delegation tool in order to resolve the “Too many lookups” issue, replace your existing policy with the one provided by the DNS delegation tool. The DNS delegation tool will keep the SPF record up to date whenever one of the included ESPs change their records.