No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

SPF record exceeding DNS Lookups

This question is not answered This question is not answered

Microsoft recommends adding the “” in your SPF (TXT) DNS record, see the O365B tenant space | Domain Properties | DNS Settings. Doing this pushes us over the 10 DNS lookup limit for SPF records, see text below.
    Checking to see if there is a valid SPF record.

    Found v=spf1 record for
    v=spf1 ~all

    Results - PermError SPF Permanent Error: Too many DNS lookups has an “include:” for and
    Found v=spf1 record for
    v=spf1 -all

Is there a Microsoft recommended and supported method to reduce the lookups related to Office 365?


1 out of 2 people found this post helpful.

All Replies
  • After adding to your SPF record you may received NDR or experience SPMA filtering issues sending mail to some third parties if you also have other entires in your SPF records that cause the number of DNS lookups to exceed 10. This depends on how the recipients handle the resulting Permanent Error when doing and SPF lookup on your domain.

    While you cannot exceed the 10 DNS lookups on an SPF record - you can work around this by using IP's in your SPF record instead of DNS names.

    This involves performing name lookups for the SPF records associated with (with the hotmail includes) or other providers you have defined in your SPF record and listing them as IP in your record.

    You may be able to automate/script this process using DNSLINT command to resolve the spf records to IP's and DNSCMD to update your SPF records



    1 out of 1 people found this post helpful.

  • Hi,

    This seems exactly what I need but is it possible also with office365?

    We manage our DNS at go daddy.

    We get for dig TXT

    "v=spf1 ip4: ~all"

    which is ~8 lookups, which one do I drop if we use only email? Will using IP will help in anyway

  • I'm in the same boat.

    I read another post that says you have reduced the number of look ups to 7 (including the lookup itself). That post was from April 2012 though, and it looks like you have bumped it back up to 8, plus itself, which makes a total of 9.

    I need to add 2 more look ups to my spf, but I am unable to because of taking up 9 of them already.

    Does anyone have any suggestions on how to "rework" the spf to free up at least one dns lookup?

  • I have the same problem. I have only three spf records:, newsletter system and webshop. The newsletter and webshop don't lookup more records, but will loopup 9! I think that is ridiculous!

    Is there any support employee that can help? I don't understand the technet link

  •  shows the actual 8 queries that the new SPF guideline for o365 ( uses.   Just plug in a fake IP ( and your email address and watch how it does the evaluation.  Now, note it does not actually cause a failure due to too many DNS lookups (it will exceed 10), but it will show you exactly the number of queries your current SPF requires.

    1 out of 1 people found this post helpful.

  • I have the same issue/complaint...  I have application, newsletter, and outlook.  I have the too many DNS Lookups issue.  is there any other creative way of addressing this?  or could MS consolidate their mail sources!