email bounce error 'SPF Permanent Error: Too many DNS lookups'

Anyone experience this and have a solution? Thank you in advance.

4 Replies

An SPF record is mis-configured. See:

If the report was about your Linode, you need to fix this with the DNS Manager. My (working) SPF record looks like this:

v=spf1 a mx a -all

Here's how to decode it:

If the report is about another domain, all you can do is beg the sysadmin there to fix it.

-- sw

SPF records are limited to 10 DNS lookups - I've seen this same error from Gmail.

For example: "" in an SPF record results in a lookup for the IP address of "" - that's 1 DNS lookup.

Including other SPF records ( is another source of DNS lookups.

Check your SPF record and see how many parameters would result in DNS lookups, and substitute IP addresses where possible.

Great answer @andysh! I learned something new today.

-- sw

@ph0tmd5, to mitigate Denial-of-Service (DoS) attacks, SPF implements the 10-DNS-lookup limit.

When the SPF implementation on the receiving email server encounters more than 10 DNS-querying mechanisms/modifiers in the sender's domain's SPF record, it returns "SPF PermError: too many DNS lookups".

Since an SPF PermError is interpreted by DMARC as fail, and consequently, the email might not land in the inbox, depending on the email server's settings.

Therefore, your best bet is to keep the DNS-querying mechanisms/modifiers in your SPF record <= 10.

Refer to:

You can use a tool like DMARCLY's Safe SPF ( to automatically/dynamically flatten your SPF record so that the DNS lookup count stays below 10.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct