Forum Discussion

AP15's avatar
AP15
Icon for Altostratus rankAltostratus
Jul 11, 2023

SPF TXT lookup limit RFC 7208 4.6.4

Can someone please confirm best way to include more DNS lookup within SPF record. How does F5 implementation work for 10+ lookup records? 
  • Leslie_Hubertus's avatar
    Jul 17, 2023

    Hi AP15  - FYI - I've floated this post to the top of the forum for now, to give your post more visibility and a higher chance of getting an answer from the community. 

  • JRahm's avatar
    Jul 25, 2023

    Hi AP15 ... max 10 is the standard, you'll break SPF and bad things will happen, so you don't want to do that. However, there are ways to work around the issue. Check out autoSPF and analyze any domain and it will give you pointers. For example, the F5.com domain has a query count of 5/10, which they offer a solution to reduce to 2/10 by sharding the load like so:

     

    f5.com spf:
    v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip4:72.3.185.0/24 ip4:166.78.68.0/22 ip4:104.219.104.14 ip4:104.219.105.14 ip4:104.219.106.14 ip4:104.219.107.14 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:209.61.151.0/24 ip4:198.61.254.0/23 ip4:23.253.182.0/23 ip4:104.130.96.0/28 ip4:68.233.68.14/32 ip4:146.20.112.0/26 ip4:146.20.113.0/24 ip4:146.20.191.0/24 include:_spf0000000.f5.com -all
    
    _spf0000000.f5.com spf:
    v=spf1 ip4:199.15.212.0/22 ip4:94.236.119.0/26 ip4:185.28.196.0/22 ip4:192.28.128.0/18 ip4:192.237.158.0/23 ip4:50.23.218.192/27 ip4:174.37.226.64/27 ip4:184.173.105.0/24 ip4:184.173.153.0/24 ip4:159.135.224.0/20 ip4:37.188.97.188/32 ip4:103.237.104.0/22 ip4:130.248.172.0/24 ip4:130.248.173.0/24 ip4:173.193.210.32/27 ip4:208.43.239.136/30 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/50 include:_spf0000001.f5.com -all
    
    _spf0000001.f5.com spf:
    v=spf1 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 exists:%{i}.spf.hc5801-97.iphmx.com exists:%{i}._spf.mta.salesforce.com -all