Forum Discussion
AP15
Altostratus
AltostratusSPF TXT lookup limit RFC 7208 4.6.4
Can someone please confirm best way to include more DNS lookup within SPF record. How does F5 implementation work for 10+ lookup records?
JRahm
Admin
AdminHi AP15 ... max 10 is the standard, you'll break SPF and bad things will happen, so you don't want to do that. However, there are ways to work around the issue. Check out autoSPF and analyze any domain and it will give you pointers. For example, the F5.com domain has a query count of 5/10, which they offer a solution to reduce to 2/10 by sharding the load like so:
f5.com spf:
v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip4:72.3.185.0/24 ip4:166.78.68.0/22 ip4:104.219.104.14 ip4:104.219.105.14 ip4:104.219.106.14 ip4:104.219.107.14 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:209.61.151.0/24 ip4:198.61.254.0/23 ip4:23.253.182.0/23 ip4:104.130.96.0/28 ip4:68.233.68.14/32 ip4:146.20.112.0/26 ip4:146.20.113.0/24 ip4:146.20.191.0/24 include:_spf0000000.f5.com -all
_spf0000000.f5.com spf:
v=spf1 ip4:199.15.212.0/22 ip4:94.236.119.0/26 ip4:185.28.196.0/22 ip4:192.28.128.0/18 ip4:192.237.158.0/23 ip4:50.23.218.192/27 ip4:174.37.226.64/27 ip4:184.173.105.0/24 ip4:184.173.153.0/24 ip4:159.135.224.0/20 ip4:37.188.97.188/32 ip4:103.237.104.0/22 ip4:130.248.172.0/24 ip4:130.248.173.0/24 ip4:173.193.210.32/27 ip4:208.43.239.136/30 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/50 include:_spf0000001.f5.com -all
_spf0000001.f5.com spf:
v=spf1 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 exists:%{i}.spf.hc5801-97.iphmx.com exists:%{i}._spf.mta.salesforce.com -all