Suped

What are the best practices for DNS lookups, SPF records, and subdomain usage for email deliverability?

Summary

Managing DNS records, particularly SPF, and strategizing subdomain usage, is critical for email deliverability. The primary challenge often revolves around the SPF 10-lookup limit, which can cause authentication failures if exceeded. This limit includes all mechanisms that require a DNS query, such as include, a, and mx. Subdomains offer a solution by allowing separate SPF records, which can mitigate the lookup limit issue and isolate sending reputations for different email streams, like marketing versus transactional emails. However, switching to a subdomain or managing dedicated IPs also introduces its own set of considerations for deliverability.

Suped DMARC monitor
Free forever, no credit card required
Get started for free
Trusted by teams securing millions of inboxes
Company logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logo

What email marketers say

Email marketers often face the practical challenges of balancing technical requirements, like SPF lookup limits, with business goals, such as maintaining strong sender reputation and deliverability. Many agree that subdomains are a viable solution for managing multiple sending platforms and large email programs, but they also highlight the potential for negative impacts if not implemented carefully.

Marketer view

Email marketer from Email Geeks suggests that modifying SPF records to use specific IP addresses might not always be feasible or work as intended. They recommend using a subdomain as a common solution to address the SPF DNS lookup limit. They also note that choosing between safer and more aggressive approaches for domain changes depends on a sender's risk tolerance.

29 Sep 2019 - Email Geeks

Marketer view

Email marketer from Campaign Refinery states that DNS records, including SPF, DKIM, and DMARC, are vital for authenticating an email's source. These records ensure emails originate from a legitimate sender rather than a malicious impersonator, thereby enhancing trust and deliverability.

29 Dec 2023 - Campaign Refinery

What the experts say

Email deliverability experts emphasize that while there's no universal answer for every email sending situation, adherence to core principles of DNS management and SPF configuration is paramount. They consistently highlight the critical nature of the SPF 10-lookup limit and the potential negative impact of significant changes, like switching sending domains or using dedicated IPs, if not managed correctly.

Expert view

Expert from Email Geeks notes that there isn't a single universal answer for every email sending scenario. The optimal approach for DNS lookups, SPF records, and subdomain usage varies significantly based on individual circumstances and the complexity of the email program.

29 Sep 2019 - Email Geeks

Expert view

Expert from SpamResource warns that exceeding the 10-DNS-lookup limit for SPF records will inevitably lead to authentication failures. They state that such failures result in emails being rejected outright or, at best, routed directly to the spam folder by receiving mail servers.

22 May 2024 - SpamResource

What the documentation says

Technical documentation and industry standards provide the foundational rules for DNS lookups, SPF records, and subdomain usage. These sources highlight the rigid limitations, such as the SPF 10-lookup limit, and explain how proper configuration is essential for email authentication protocols like SPF, DKIM, and DMARC. Adherence to these documented best practices is critical for ensuring reliable email deliverability and protecting against spoofing.

Technical article

RFC 7208 (SPF) outlines that Sender Policy Framework (SPF) records are fundamentally designed to delineate authorized senders for a given domain, which is a key measure against email spoofing. The specification explicitly includes a crucial limitation on the number of DNS lookups permitted during the SPF validation process to ensure efficiency and prevent abuse.

22 Apr 2014 - RFC 7208

Technical article

RFC 7208 (SPF) specifies that the SPF processing limit for DNS lookups is capped at 10. This count includes all mechanisms that initiate a DNS query, such as a, mx, ptr, and exists, as well as include mechanisms that necessitate further lookups. Exceeding this limit results in a PermError.

22 Apr 2014 - RFC 7208

15 resources

Start improving your email deliverability today

Get started