Email health
SPF 10-DNS-lookup limit
An SPF record that triggers more than 10 DNS lookups during evaluation returns `permerror` — meaning every receiver treats it as if you had no SPF at all. The fastest path to silently broken DMARC.
What it is
RFC 7208 §4.6.4 caps the count of `include`, `a`, `mx`, `ptr`, `exists`, and `redirect` terms that drive DNS queries at 10 per evaluation. Each `include:` to a third-party ESP can chain into many sub-lookups, and the budget is easy to blow past once a domain uses three or four senders.
Why it matters
Once over the limit, SPF returns `permerror` and DMARC alignment via SPF fails for every message — DKIM has to carry the entire DMARC pass alone. Most senders never notice until a Gmail postmaster report shows DMARC pass-rate collapsing.
Who it applies to
Any domain whose SPF record uses three or more `include:` terms.
How WQI scores it
Web Quality Index considers this standard satisfied when the supporting factor passes.
| # | Factor | Status |
|---|---|---|
| 82 | SPF lookup count (10-limit deliverability check) | planned |
0 of 1 supporting factors are currently collected. Sites where the remaining 1 haven't been measured will show as partial or unknown on this standard until the data lands.