I've been facing issues with email rejections from clients due to hitting the maximum lookup limit for SPF records. When I checked using dnschecker.org and easydmarc.com, I found that Microsoft's spf.protection.outlook.com includes 11 lookups, which is out of my control. We do use SPF flattening because marketing introduces numerous entries, but that doesn't seem to help with this problem. How can I manage this situation better?
3 Answers
It sounds like you might have too many entries in your SPF record that are contributing to the lookup limit. Without seeing your actual record, it can be difficult to give specific advice. It’s worth discussing with your marketing team to see if they can reduce the number of entries. The 11 lookups from Microsoft are just how their system is set up, so that's not something you can control directly.
The 10 lookup limit exists to avoid excessive DNS queries that can lead to denial of service. The spf.protection.outlook.com includes all its IP addresses, so it's just a part of dealing with their service. Make sure to check the other records you have as well; those might also be contributing to the problem.
Remember, the SPF limit applies to DNS lookups, so the IPs themselves won’t count against you. It's essential to validate all your records. Since you’re using dmarcly for flattening other entries, you might want to ensure that only necessary entries remain for your SPF record featuring Microsoft. It’s strange that dmarcly entries get counted separately now; it may be worth revisiting your SPF setup.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures