Over the past decade, it has become increasingly easier to send email. Countless Sources have entered the marketplace, each providing a specialized toolset tailored to address modern day needs of marketers, developers, and small businesses. Along with this expansion, email authentication, specifically SPF, has become an increasingly complex matter to navigate.
Within the SPF RFC specification (essentially internet law) there lies a practical limit of how many “DNS-querying mechanisms” a single SPF record can contain. That limit is ten. The ten maximum lookup states that a domain administrator (that’s you!) will not require the likes of Gmail or other receivers to conduct more than ten consecutive DNS lookups to see if you authorize a particular IP address to send mail on your behalf.
As it has become somewhat commonplace for any single organization to authorize a large number of disparate netblocks (due to the outsourced nature of email infrastructure), there remains what seems like the constant and unnecessary encroachment on the ten maximum lookup. This limit however remains entirely practical and should be observed to ensure timely delivery and favorable inbox rates. Further, the solution to avoid the limit is squarely addressed by other mainstream email best practices, long encouraged by major inbound receivers such as Gmail and Yahoo.
The single most practical solution to avoid the ‘too many lookups’ issue is to make use of sub-domains. As each discrete sub.domain is afforded its own ten lookup maximum, SPF is effectively boundless. Example: hello.com is permitted ten lookups + sub.hello.com is permitted ten lookups. Plainly put, you should never run in to the ten maximum lookup condition if you are correctly segmenting different mail streams (eg. transactional, corporate, marketing, etc.) on to discrete name space.
In this sub section “delivery tips’ of the Gmail postmaster site, it is recommended to;
- Use separate email addresses
- Send mail from different domains and/or IP addresses
In summary, you should not run in to the 10 lookup maximum. If you do, we’ve outlined some additional strategies and knowledge-base materials on how to navigate.