Sudden SPF invalid problem relating to Google servers?

We’ve had our SPF record set up and have been using dmarcian for about a year and it’s been working fine with no problems and no changes.

Starting 2 days ago, we started getting alerts from dmarcian that our SPF record is invalid because 11 DNS lookups required to evaluate the SPF record. The maximum is 10.

And then, also starting 2 days ago, we started getting these warning message:

Screen Shot 2021-05-07 at 1.00.38 PM

Again, we’ve made no changes to anything recently.

Further research shows more details for the warning: “We recommend you remove the mx mechanism from your SPF record. It is against best practice to have an mx tag in the SPF when using round-robin DNS as it’s likely unnecessary and it also adds an additional DNS look-up.”

This is our SPF record:
v=spf1 mx a ip4: ip4: ip4: ~all

So it seems like I can/should just remove the “mx” text? But I don’t remember why we added it in the first place and whether it will break anything if we remove it. Is that really the best solution?

Yes, please remove ‘mx’ from the SPF record on that domain; it’s incorrect since you have the include for Google.
In many cases (and this is one) the use of ‘mx’ is not necessary since it indicates inbound infrastructure, but does not have relation to egress messaging.​

1 Like

Thank you, @Tomki ! I’ll remove the mx.

You can also remove

MailChimp use their own servers and domains in the Return-path/EnvelopeFrom, so they should not be included in the SPF record. They’ve recently come to their senses and revised their guidance: Set Up Email Domain Authentication ( See also SPF Problems with MailChimp - dmarcian.

Their old advice remains echoed at sites like mxtoolbox. com, though.