If you’re reading this, you may have been directed here because you were told that your SPF record suffers from a “too many lookups” error.
The specifications for the SPF record limit the number of DNS lookups to 10 (such as, translating a name to an IP address).
How do you know if your SPF record has this issue? Go to this site, enter your domain name, and then click the “Get SPF Record (if any)” button.
An SPF record like this:
v=spf1 a mx include:outlook.com include:jangomail.com -all
…will have too many lookup errors. Outlook.com, by itself, eats up 10 lookups. This effectively blocks any other entries such as "a", "mx", and any other "includes". The entries in the SPF record that contribute to a lookup include "a", "mx", "ptr", and "include".
How do you resolve too many DNS lookups?
1. Use a subdomain to send your email marketing messages. For example, if your acme.com domain would go over the 10 lookups limit by including jangomail.com, then send using something like news.acme.com. “News” could be replaced by anything you want, such as support, info, newsletter, or jm. You won’t be using this subdomain for anything other than sending through an email service provider, which greatly simplifies the SPF record you need.
In your DNS, after you’ve created a new subdomain, create a new TXT record. The “host” value will be the subdomain name (instead of @). The TXT value will be:
v=spf1 a mx include:jangomail.com -all
Note: you’ll also need a domain key for the subdomain. Go through the steps here, with the exception being that your domain key will include the subdomain name. If I am using news as my subdomain, then the selector value can be jm (assuming you use jm, or use jangomail, or use whatever you’d like, keeping it to one word). The domain name entry to generate the key in JangoMail/JangoSMTP is your_subdomain_name.com (ex: news.acme.com). View the key and copy the long “k=rsa” string into your clipboard.
When you go into your DNS settings to create the new TXT record, the host value will be jm._domainkey.news. Paste in the string you just copied. You cannot re-use the parent value “k=rsa” string with the subdomain; it has to be its own new/unique value.
Note: if you use a subdomain, don’t forget to include an inbox for the FROM address you’re using. You can have replies to that address forwarded elsewhere so you don’t have to monitor it, plus you can use a REPLY-TO address in your message. Replies normally go to the FROM address. If you have a REPLY-TO address, then that is where replies will go – usually. When someone sends back an out-of-office reply, that can either go to the FROM or the REPLY-TO address; there is no enforced email standard as to where those should be directed.
2. Bite the bullet and enter what you need via its IP address. If you’re using outlook.com in your SPF record, *everything* you enter must be via IP address. If you are using a dedicated IP address with us, you can enter it as ip4:xxx.yyy.zzz.bbb (ex: ip4:220.127.116.11 – this is not an IP address we use; it’s just a numerical example). If you have more than one IP address with us, enter both of them ip4:the_first_address ip4:the_second_address, and so on.
You can use the full translation of “jangomail.com,” but there is no guarantee that the IPs we use will always be the same. The “jangomail.com” domain uses an SPF record of:
v=spf1 include:spf-a.jangomail.com include:spf-b.jangomail.com include:spf-c.jangomail.com include:spf-d.jangomail.com -all
That’s 4 lookups after the initial one for jangomail.com. Individually, they resolve to:
v=spf1 ip4:18.104.22.168/24 ip4:22.214.171.124/24 ip4:126.96.36.199/24 ip4:188.8.131.52/24 ip4:184.108.40.206/24 ip4:220.127.116.11/24 ip4:18.104.22.168/24 ip4:22.214.171.124/24 ip4:126.96.36.199/30 ip4:188.8.131.52/24 -all
v=spf1 ip4:184.108.40.206/24 ip4:220.127.116.11/24 ip4:18.104.22.168/24 ip4:22.214.171.124/32 ip4:126.96.36.199/24 ip4:188.8.131.52/24 ip4:184.108.40.206/29 ip4:220.127.116.11/32 ip4:18.104.22.168/24 ip4:22.214.171.124/24 -all
v=spf1 ip4:126.96.36.199/24 ip4:188.8.131.52/24 ip4:184.108.40.206/24 ip4:220.127.116.11/24 ip4:18.104.22.168/32 ip4:22.214.171.124/24 ip4:126.96.36.199/24 ip4:188.8.131.52/32 ip4:184.108.40.206/25 -all
v=spf1 ip4:220.127.116.11/24 ip4:18.104.22.168/24 ip4:22.214.171.124/24 ip4:126.96.36.199/29 ip4:188.8.131.52/32 ip4:184.108.40.206/24 ip4:220.127.116.11/24 ip4:18.104.22.168/24 ip4:22.214.171.124/27 ip4:126.96.36.199/29 -all
Just for grins
What does outlook.com resolve to? Since you asked…
By itself, outlook.com is:
Each subsequent "include" is shown below:
If you're still with me, thanks for reading!
For more on Deliverability:
Last Updated: AH 10.30.14