SPF DNS Lookup Limits Reached

I added two hostnames for Barracuda in my MX record in preparation to move to a cloud-hosted spam gateway. I then added two include statements in my SPF, one for Barracuda and one for Constant Contact. I’m now getting hit with more than 10 queries. Not sure exactly where I’m getting punished on the queries? I set up a DMARC policy of none, but now cannot send mail to Yahoo nor to AOL.

Unless you’ve configured Constant Contact to use your domain in the SMTP.from (RFC 5321) header, you likely don’t require this in the include. Adding DKIM support aligned to the mail from (RFC 5322) domain within Constant Contact should be sufficient for DMARC compliance.

Also check for other includes or lookups you can remove like A, MX or PTR.

Great, thank you Matt!

Hello!

Is there a recommended solution when the DNS SPF lookup limit is reached and there is a need to add another include:_spf.domain.com?

My solution was to remove the “mx” from the SPF record and put in my mail server IP in place of it (ip4:x.x.x.x), then my includes after that.

Thanks Ryan. The “danger” there is that if the MX record changes, then you have to also change your IP entry in the SPF record. You will need some way to know if their MX record ever changes, else it will cause SPF to fail!

If you are receiving an SPF error with too many queries, you can opt to flatten your SPF records with a company like https://www.autospf.com. They will flatten ALL of your SPF records; they will automatically flatten your records and either automatically manage them, or they will alert you when there are changes to your SPF record.
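For the question at the top of the thread about where the lookups are being spent, here is an added example (not part of the thread and not any vendor's tool) that walks an SPF record and attributes the query cost to each top-level term. The domains and TXT records are constructed placeholders, and the count is the worst case, since a real evaluator stops at the first matching mechanism.

```python
import re

# Terms that cost a DNS query under RFC 7208 section 4.6.4 (limit: 10 per check).
COUNTED = {"include", "a", "mx", "ptr", "exists", "redirect"}
LIMIT = 10
TERM = re.compile(r"^[+\-~?]?([A-Za-z][A-Za-z0-9_.-]*)(?:[:=]([^/]*))?(?:/.*)?$")

# Constructed TXT records for hypothetical domains (not real DNS data).
SAMPLE_TXT = {
    "example.test": "v=spf1 mx a include:_spf.gateway.test include:_spf.mailer.test ~all",
    "_spf.gateway.test": "v=spf1 include:_a.gateway.test include:_b.gateway.test ip4:192.0.2.0/24 -all",
    "_a.gateway.test": "v=spf1 ip4:198.51.100.0/24 -all",
    "_b.gateway.test": "v=spf1 a:out.gateway.test ptr -all",
    "_spf.mailer.test": "v=spf1 include:_c.mailer.test include:_d.mailer.test exists:%{i}.bl.mailer.test -all",
    "_c.mailer.test": "v=spf1 ip4:203.0.113.0/25 -all",
    "_d.mailer.test": "v=spf1 redirect=_e.mailer.test",
    "_e.mailer.test": "v=spf1 ip4:203.0.113.128/25 -all",
}

def count_lookups(domain, txt, seen=frozenset()):
    """Return (total, breakdown): worst-case DNS queries reachable from domain."""
    seen = seen | {domain}
    total, breakdown = 0, []
    for term in txt[domain].split()[1:]:          # skip the "v=spf1" version tag
        m = TERM.match(term)
        if not m or m.group(1).lower() not in COUNTED:
            continue                              # ip4, ip6, all, exp cost nothing
        name, target = m.group(1).lower(), m.group(2) or ""
        cost = 1                                  # the query for this term itself
        if name in ("include", "redirect"):
            if target in seen:
                raise ValueError(f"SPF loop via {term} in {domain}")
            if target in txt:                     # unknown targets count as 1 only
                cost += count_lookups(target, txt, seen)[0]
        total += cost
        breakdown.append((term, cost))
    return total, breakdown

def report(domain, txt):
    """Format the per-term cost so the expensive include stands out."""
    total, breakdown = count_lookups(domain, txt)
    lines = [f"{cost:>3}  {term}" for term, cost in breakdown]
    verdict = "over" if total > LIMIT else "within"
    lines.append(f"{total:>3}  total ({verdict} limit of {LIMIT})")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report("example.test", SAMPLE_TXT))
```

To run it against a live domain, fill the dictionary from `dig +short TXT <name>` output for the domain and each include target.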