An SPF record is essentially a list of all the IP addresses and mail servers that are allowed to send emails on behalf of a particular domain. It also contains information about whether to pass or fail emails coming from your domain but an unauthorized IP address.
SPF records use mechanisms to specify how the receiving server handles incoming email. These are:
a
mx
include
ptr (not recommended)
exists
redirect
Every time your SPF record uses one of the mechanisms mentioned above, it results in a DNS Lookup. In order to prevent Denial of Service (DoS) attacks, the number of DNS lookups per SPF record is limited at 10. Note that the ip4 and ip6 mechanisms do not contribute to the 10 DNS lookup limit.
If your organization requires multiple third party vendors to use your domain to send emails from their separate IP addresses, the number of mechanisms you need to use will increase, and might even go over the limit. The receiving mail server can then fail to authenticate the sending sources you’ve authorized on your SPF record causing your email to fail the SPF check.
In order to prevent this, PowerDMARC offers a single-click PowerSPF feature that optimizes your current SPF record to always have less than 10 DNS lookups, regardless of how many sending sources you wish to authorize. It’s an easy, instant solution that ensures your emails never fail SPF and fail to be delivered.