Views:
An SPF record is essentially a list of all the IP addresses and mail servers that are allowed to send emails on behalf of the domain. It also contains information about whether to pass or fail emails coming from your domain but an unauthorized IP address.
 
An SPF record can use mechanisms to specify how the receiving server handles incoming email. These are:
  • a
  • mx
  • Include
  • ptr
  • exists
  • redirect
Some of these mechanisms are also not needed so review and ask your IT department if they are needed or not.
 
Every time your SPF record uses one of the mechanisms mentioned above, it results in a DNS Lookup. In order to prevent Denial of Service (DoS) attacks, the number of DNS lookups per SPF record is limited at 10. Note that the ip4 and ip6 mechanisms do not contribute to the 10 DNS lookup limit.
 
If your organization requires multiple third-party vendors to use your domain to send email from their separate IP addresses, the number of mechanisms you need to use will increase and might even go over the limit. The receiving mail server can then fail to authenticate the sending sources you've authorized on your SPF record causing your email to fail the SPF check.
 
In order to prevent this, Tangent offers a single-click PowerSPF feature that optimizes your current SPF record to always have less than 10 DNS lookups, regardless of how many sending sources you wish to authorize. It's an easy, instant solution that ensures your email never fail SPF and fail to be delivered.