When troubleshooting email delivery issues, you might run into some cryptic SPF error on the receiving email server along the lines of:
"SPF PermError: too many DNS lookups"
"SPF Permanent Error: too many DNS lookups"
"SPF Fail: too many DNS lookups"
These messages indicate that the SPF record on your domain involves more than 10 DNS lookups which falls foul of the SPF 10-DNS-lookup limit imposed by the SPF specification. When this happens, SPF returns a PermError indicative of this issue which results in SPF authentication failure. If the final outcome of email authentication is failure, the email message might not land in the inbox.
3 steps to fix the "SPF PermError: too many DNS lookups" issue
1. Go to DMARCLY's Safe SPF feature
Log in to DMARCLY's dashboard, then go to DNS Records -> Safe SPF.
2. Set up Safe SPF on your domain
Choose the domain that has an SPF record with 10+ DNS lookups. This is the domain you need to set up Safe SPF on to break free from SPF's 10-DNS-lookup limit.
Click "Set Up Safe SPF". Enter the original SPF record on the domain. Click "Generate Safe SPF Record".
Your original SPF record will be converted to a Safe SPF record, which is a completely valid SPF record that has the same IP addresses as the original one but contains much fewer DNS lookups.
Now publish the generated Safe SPF record on the domain, in the DNS. Then click "Save Safe SPF".
3. Verify that the SPF PermError is fixed
Use an online SPF record checker to check the domain, you will see that the DNS lookup count is 1, far below the 10-DNS-lookup limit. Note that DNS propagation takes a while, and if you don't see the new SPF record, retry after 5 minutes.
Now your original SPF record containing 10+ DNS lookups is turned into a Safe SPF record. This Safe SPF record contains exactly the same IP addresses as the original SPF record, while containing DNS lookups far fewer than 10. In addition, whenever any of the services used in your original SPF record changes, the Safe SPF record is updated automatically, so that they are always synchronised.
Now you will never have to worry about the dreaded "SPF PermError: too many DNS lookups" issue again!
Protect Your Business Email
Get a 14 day trial. No credit card required.Create Account