Recurring loop problem with spf record

Natural · July 1, 2020, 11:08am

My SPF record is below, along with the errors im getting in the dmarcian spf testing…

I don’t know why its looking up so many IP addresses for my domain? It is on cloudflare, not sure that should effect the loop in SPF when i have the IP address set for the server?

I am trying to correct the problem below, please any advice is appreciated!!

v=spf1 a mx include:natural-sciatic-relief.com ip4:209.133.209.251 ~all

ERROR 153 DNS lookups required to evaluate the SPF record. The maximum is 10.
ERROR Too many include mechanisms / redirect modifiers encountered. The SPF Surveyor can process a maximum of 50.

eric · July 2, 2020, 3:05pm

I’m not sure if the site you’re having trouble with is the “natural-sciatic-relief.com” that appears in the SPF record you posted, but if it is then there are a couple of issues I can see with the current SPF record including it appears that you have included the “v=spf1” portion of the record twice and there is an extra “include:” modifier without any reference of what to include.

https://dmarcian.com/spf-survey/?domain=natural-sciatic-relief.com

The record currently reads

v=spf1 a mx include:natural-sciatic-relief.com include: ip4:209.133.209.251 v=spf1 include:_spf.mailerlite.com ~all

It should read more like:

v=spf1 a mx include:natural-sciatic-relief.com ip4:209.133.209.251 include:_spf.mailerlite.com ~all

Without knowing the full background of this website, I also suspect that it is not necessary to include the line “include:natural-sciatic-relief.com” -I think this is causing your looping problem.

In the end, the record likely should read more like this:

v=spf1 a mx ip4:209.133.209.251 include:_spf.mailerlite.com ~all

Best wishes!

UffeA · July 6, 2020, 7:35am

As eric already pointed out, you can’t have “include:natural-sciatic-relief.com” in the SPF record for the “natural-sciatic-relief.com” domain. That is a recursive reference.

Next issue - there’s no associated SPF record for _spf.mailerlite.com, so that will fail as well.

Looking at SPF record for mailerlite.com suggest that the correct include could be “_spf.mailerlite.io”:
$ dig txt mailerlite.com +short
"v=spf1 include:_spf.mailerlite.io include:_spf.google.com include:_spf.mlsend.com include:_spf.mailersendapp.com include:helpscoutemail.com ip4:46.101.232.166 ip4:185.79.247.75 ~all"

I suggest this SPF record:
"v=spf1 include:_spf.mailerlite.io a:natural-sciatic-relief.com ip4:209.133.209.251 mx -all"

Note that the mechanisms should be order after volume, so that the most used mechanism (i.e. highest mail volume) should appear first in the record.

Topic		Replies	Views
Sudden SPF invalid problem relating to Google servers? Technical Help	3	1017	May 18, 2021
Help reducing DNS Lookups on SPF record	5	691	October 20, 2022
DNS: Too Many DNS Lookups Technical Help	0	1012	May 30, 2019
SPF error, ‘The number of lookups on your SPF record exceed the allowed limit of 10 Technical Help	3	1497	December 9, 2022
MeridianLink (specific vendor) Questions Technical Help	4	478	March 8, 2022

Recurring loop problem with spf record

Related Topics