Skip to content
Cloudflare Docs
Docs DirectoryAPIsSDKs

DNS lookup limit

An SPF record lists which servers are authorized to send email for your domain. SPF records can reference other domains and services (for example, using include: or mx mechanisms), and each such reference requires a separate DNS lookup to verify. The SPF specification (RFC 7208) limits the total number of these lookups to 10 per SPF check. If your SPF record exceeds this limit, receiving mail servers may treat the SPF check as a permanent error and reject or flag your emails.

To check if your SPF records are compliant with the SPF specification:

  1. Log in to the Cloudflare dashboard, and select your account and domain.
  2. Go to Email > DMARC Management.
  3. In Email record overview, select View records.
  4. Find your SPF record, and select the three dots next to it > Edit.
  5. DMARC Management will inspect your records and check for the total number of DNS lookups. If the record exceeds the limit, DMARC Management will display a warning. To fix this, remove unnecessary entries in your SPF record. Refer to Manage DNS records for more information.