[dmarc-discuss] SPF DNS lookup limit and 3rd parties

Dave Warren davew at hireahit.com
Tue Jun 3 16:34:10 PDT 2014

On 2014-06-03 06:59, Matt Vernhout via dmarc-discuss wrote:
> Michiel,
> I'd recommend you look at using a branded sub domain for your ESP 
> (esp.mycompany.com <http://esp.mycompany.com>) and CRM 
> (crm.mycompany.com <http://crm.mycompany.com>) solutions - then you 
> only need to authenticate against on vendor for each domain and not 
> against multiple vendors in a single record.

That only works to a point. If you are, for example, migrating between a 
Google Apps environment and a Office 365 environment, you may well have 
mail coming in and out of both environments for an indefinite period of 

SPF will fail for one or the other if you rely on includes and the 
vendor you're including uses up your entire quota of SPF DNS lookups.

 From a DMARC perspective though, DKIM can be used to sign mail and has 
no such limitation.

Dave Warren

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20140603/1621a66b/attachment.html>

More information about the dmarc-discuss mailing list