How to fix SPF PermError: too many DNS lookups
When troubleshooting email delivery issues, you might run into some cryptic SPF error on the receiving email server along the lines of:
SPF PermError: too many DNS lookups
SPF Permanent Error: too many DNS lookups
SPF Fail: too many DNS lookups
These messages indicate that the SPF record on your domain involves more than 10 DNS lookups which falls foul of the SPF 10-DNS-lookup limit imposed by the SPF specification.
When this happens, SPF returns a PermError indicative of this issue which results in SPF authentication failure. If the final outcome of email authentication is failure, the email message probably won't land in the inbox.
Steps to overcome the SPF PermError: too many DNS lookups issue
Follow the 3 steps below to fix this issue.
1. Navigate to DMARCLY's Safe SPF feature page
Log in to DMARCLY's dashboard, then go to DNS Records -> Safe SPF.
2. Set up Safe SPF on your domain
Choose the domain that has an SPF record with 10+ DNS lookups. This is the domain you need to set up Safe SPF on to break free from SPF's 10-DNS-lookup limit.
Click "Set Up Safe SPF". Enter the original SPF record on the domain. Click "Generate Safe SPF Record".
Your original SPF record will be converted to a Safe SPF record, which is a completely valid SPF record that has the same IP addresses as the original one but contains fewer DNS lookups.
Now publish the generated Safe SPF record on the domain, in the DNS. Then click "Save Safe SPF".
3. Verify that the SPF PermError is fixed
Use an online SPF record checker to check the domain, you will see that the DNS lookup count is not above the 10-DNS-lookup limit. Note that DNS propagation takes a while, and if you don't see the new SPF record, retry after 5 minutes.
Now your original SPF record containing 10+ DNS lookups is converted to a Safe SPF record. This Safe SPF record contains exactly the same IP addresses as the original SPF record, while containing no more than 10 DNS lookups. In addition, whenever any of the services used in your original SPF record changes, the Safe SPF record is updated automatically, so that they are always synchronised.
Now you will never have to worry about the dreaded SPF PermError: too many DNS lookups issue again!
Protect Business Email & Improve Email Deliverability
Get a 14 day trial. No credit card required.Create Account