SPF Complexity Score
Enter any domain to count its RFC 7208 DNS lookups, visualise the resolution tree, and see exactly where the complexity comes from.
Live DNS resolution, no account required. Monitor SPF alignment alongside DMARC.
Frequently asked questions
What is the SPF DNS lookup limit?
RFC 7208 requires that SPF evaluation use no more than 10 DNS lookups, counting the a, mx, include, exists, and ptr mechanisms and the redirect modifier. If a record exceeds 10 lookups, receivers must return permerror, which typically causes the message to fail SPF and may result in DMARC failure.
What causes 'SPF too many DNS lookups'?
Each include: directive in your SPF record causes a DNS lookup, and each included record may itself contain more include: directives. A common chain: your record includes SendGrid, SendGrid includes its own sub-records, and those include further records. The count adds up quickly across nested chains.
How do I fix SPF permerror from too many lookups?
Remove include: directives for sending services you no longer use, replace include: chains with direct ip4: or ip6: ranges where you know the sending IPs, or use an SPF flattening service that auto-maintains a single flat IP list.
Does SPF lookup count include ip4 and ip6 mechanisms?
No. ip4: and ip6: mechanisms do not incur DNS lookups and do not count toward the 10-lookup limit. Only a, mx, include, exists, ptr, and redirect count.
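The counting rule from the answers above, as an added example (not this tool's own code): it walks nested include: and redirect= chains over a constructed in-memory zone instead of live DNS, so every domain and record below is an assumption made up for illustration. It counts every lookup-causing term in the tree, which is the worst case; a receiver stops evaluating at the first matching mechanism.

```python
import re

# Constructed sample zone (domain -> SPF TXT record); not real DNS data.
ZONE = {
    "example.test": "v=spf1 mx a include:_spf.mailer.test "
                    "include:_spf.crm.test ip4:192.0.2.0/24 ~all",
    "_spf.mailer.test": "v=spf1 include:a.mailer.test include:b.mailer.test ~all",
    "a.mailer.test": "v=spf1 ip4:198.51.100.0/25 exists:%{i}.bl.mailer.test ~all",
    "b.mailer.test": "v=spf1 ip6:2001:db8::/32 a:out.mailer.test ~all",
    "_spf.crm.test": "v=spf1 include:_spf.desk.test mx ~all",
    "_spf.desk.test": "v=spf1 a mx ptr redirect=_spf.help.test",
    "_spf.help.test": "v=spf1 ip4:203.0.113.0/24 -all",
    # Same sender with the include: chains replaced by direct ip4: ranges.
    "flat.example.test": "v=spf1 mx ip4:192.0.2.0/24 ip4:198.51.100.0/25 "
                         "ip4:203.0.113.0/24 ~all",
}
LIMIT = 10  # RFC 7208 cap on lookup-causing terms per evaluation
COUNTED = {"a", "mx", "include", "exists", "ptr", "redirect"}
# Optional qualifier, term name, optional ":target" or "=target" (CIDR dropped).
TERM = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:[:=]([^/]+))?", re.I)

def walk(domain, zone=ZONE, path=()):
    """Yield (depth, domain, term) for every term that costs a DNS lookup."""
    if domain in path:                      # include/redirect loop: stop here
        return
    for term in zone.get(domain, "").split()[1:]:   # skip the v=spf1 tag
        m = TERM.match(term)
        if not m or m.group(1).lower() not in COUNTED:
            continue                        # ip4, ip6, all, exp cost nothing
        yield len(path), domain, term
        if m.group(1).lower() in ("include", "redirect") and m.group(2):
            yield from walk(m.group(2), zone, path + (domain,))

def count_lookups(domain, zone=ZONE):
    """Total lookup-causing terms reachable from the domain's record."""
    return sum(1 for _ in walk(domain, zone))

def exceeds_limit(domain, zone=ZONE):
    """True when the record would make a receiver return permerror."""
    return count_lookups(domain, zone) > LIMIT

if __name__ == "__main__":
    for depth, dom, term in walk("example.test"):
        print("  " * depth + f"{dom}: {term}")
    for name in ("example.test", "flat.example.test"):
        print(name, count_lookups(name), "over limit:", exceeds_limit(name))
```

The per-term limits RFC 7208 also sets (names returned by one mx or ptr lookup, and void lookups) are not modelled here.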