You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We are trying to setup our domain for the Status Page emails to our customers (so we want to avoid them being sent from email@example.com).
sts-zendeskinclude and when that didn't work, also removed the
sts-pg.customer.cominclude to resolve the issue with too many DNS lookups.
Also there is a message at the bottom that says:
When resolving your SPF record, more than 10 DNS requests were required. Unfortunately this means the SPF record is invalid. You'll need to explore ways to reduce the number of DNS lookups in your SPF record. Maybe you can remove some includes?
Though the expected value above includes what we need, it will unfortunately not work as is. SPF has a hard limit of 10 DNS lookups, and adding the "include:stspg-customer.com" bit will tip your record over that limit. Please find a way to reduce DNS lookups in the rest of your SPF rules, or contact our support team for more help.
Do you have any ideas what we can look into to get this sorted?
Any help is appreciated!
Egor here with the StatusPage team, thanks for reaching out!
The 10 DNS Lookup limit for SPF records is a hard limitation of the spec itself, and one that we would not have any way to directly bypass or ignore. In order to address this error and ensure a valid SPF record, there are two primary options we suggest:
1. Optimize your current record. If there are any unused ips or includes for services still referenced in the record, or unnecessary a or mx lookups taking place, removing those will reduce your DNS lookups. This may take some research and testing by you and your team.
2. Utilize a unique subdomain for StatusPage emails. By changing your 'From' email from <firstname.lastname@example.org> to something like <email@example.com>, that will give you a clean SPF record on <notifications.company.com> to utilize, avoiding the lookup limit.
The 10 DNS lookup limit is not a limit on how many 'includes' can be referenced inside of an SPF record, but a limit on how many DNS lookups in total can be used to resolve the entire SPF record. RFC 4408 section 10.1 (https://tools.ietf.org/html/rfc4408#section-10.1) goes into some specific details, but in short each 'include' can count as 1 or more DNS lookups, depending on what records are set inside the included domain.
A great tool to visualize DNS lookups is this DMARCIAN SPF Survey, where you can just put in a domain and it enumerates all the DNS lookups that are done: https://dmarcian.com/spf-survey/
In the case of peachpayments.com there are currently 16 DNS lookups required to resolve the SPF record.
Should you need any other information or help, please do let me know.