The most common errors in SPF records and how to fix them
The SPF record is one of the basic email authentication mechanisms. However, if it is misconfigured, messages from your domain may end up in spam or be completely rejected. Below you will find the most common errors in SPF records and ways to fix them.
Too many DNS lookups (SPF permerror)
The SPF standard allows a maximum of 10 DNS lookups when checking a record.
Mechanisms such as include, a, mx and exists generate additional DNS lookups.
Note: if the number of lookups exceeds 10, the SPF check will return a permerror.
Missing all mechanism
Every SPF record should end with the all mechanism. It defines the default policy for servers that do not match the previous rules.
Example of a correct SPF record:
v=spf1 include:_spf.google.com ~all
Too many SPF records
A domain can have only one SPF record.
If several TXT records starting with v=spf1 exist for the domain, mail servers will return a permerror.
Instead of creating multiple SPF records, all mechanisms should be combined into one record.
Incorrect record syntax
A common problem is typos or incorrect SPF record syntax. A missing colon, incorrect IP range or invalid mechanism can cause a validation error.
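The four errors described above can be checked mechanically. The following Python linter is an added example, not part of the original page; it runs against a constructed zone (every domain name and record in ZONE is made up) instead of live DNS. Beyond the mechanisms listed above, it also counts ptr and the redirect modifier, which RFC 7208 includes in the 10-lookup limit.

```python
import re

# Terms that cost one DNS lookup each (RFC 7208 section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
KNOWN_TERMS = LOOKUP_TERMS | {"all", "ip4", "ip6", "exp"}
NEEDS_VALUE = {"include", "exists", "redirect", "ip4", "ip6", "exp"}
TERM_RE = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:([:=/])(.*))?$", re.I)

# Constructed sample zone (domain -> TXT records); every name is made up.
ZONE = {
    "ok.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example ~all"],
    "_spf.mail.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 ip4:192.0.2.1 -all"],
    "typo.example": ["v=spf1 ip4 192.0.2.1 inlcude:_spf.mail.example"],
    "heavy.example": ["v=spf1 a mx " + " ".join(f"include:i{n}.example" for n in range(9)) + " -all"],
    **{f"i{n}.example": [f"v=spf1 ip4:203.0.113.{n} -all"] for n in range(9)},
}

def lint_spf(domain, zone, seen=()):
    """Return (findings, dns_lookups) for the SPF policy published at domain."""
    records = [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return [f"{domain}: {len(records)} SPF records, exactly 1 required"], 0
    findings, lookups, terms = [], 0, records[0].split()[1:]
    for term in terms:
        m = TERM_RE.match(term)
        name = m.group(1).lower() if m else ""
        if not m or (name not in KNOWN_TERMS and m.group(2) != "="):
            findings.append(f"{domain}: unknown or malformed term '{term}'")
        elif name in NEEDS_VALUE and not m.group(3):
            findings.append(f"{domain}: '{name}' is missing its value")
        elif name in LOOKUP_TERMS:
            lookups += 1
            target = m.group(3).lower() if name in ("include", "redirect") else None
            if target and target not in seen:  # follow nested policies, avoid loops
                sub, n = lint_spf(target, zone, seen + (domain,))
                findings += sub
                lookups += n
    if not seen:  # checks that apply only to the top-level record
        names = [TERM_RE.match(t).group(1).lower() if TERM_RE.match(t) else "" for t in terms]
        if "redirect" not in names and names[-1:] != ["all"]:
            findings.append(f"{domain}: record does not end with an 'all' mechanism")
        if lookups > 10:
            findings.append(f"{domain}: {lookups} DNS lookups, limit is 10 (permerror)")
    return findings, lookups

if __name__ == "__main__":
    for d in ("ok.example", "dup.example", "typo.example", "heavy.example"):
        print(d, lint_spf(d, ZONE))
```

To run it against a real domain, replace the ZONE lookup with TXT queries from a DNS resolver library; unknown modifiers written as name=value are ignored here, as the RFC requires.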
Check the SPF record
Not sure if your SPF record is correct? Use a tool that will analyze the syntax and explain the meaning of individual mechanisms.
SPF Record Analysis