Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. SPF: DNS lookups over limit

Author: Government Digital Service

SPF: DNS lookups over limit

What this means

Your SPF record is generating more than 10 DNS lookups.

Why this is a problem

The SPF standard only allows a maximum of 10 DNS lookups in an SPF record evaluation. If you exceed this limit, SPF processing may fail.

Email delivery which relies on passing SPF checks may not be delivered successfully to intended recipients. In addition, this could increase the chances of spoofing emails being sent from your domain.

How to check if the problem is there

Inspect your SPF record for entries which generate DNS lookups.

You might want to use the following online tools to check for this issue:

How to fix this

You should aim to keep your SPF record lookups at 10 or less so that it is compliant.

Review your SPF record to determine if any a, mx, or include statements are no longer necessary or can be merged. Check any 3rd party includes to see if they can be optimised and refer to provider guidance. 

Consider using subdomains for services which send email, as these can have their own SPF records and do not need to be part of the parent SPF record.

NCSC have published a comprehensive guide on fixing issues related to SPF.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now