451 4.7.24 Suspicious SPF record
Meaning
The receiving server has temporarily rate-limited your emails because it detected suspicious or invalid entries in your domain's SPF record.
Common causes
- Your SPF record contains too many DNS lookups (exceeding the 10-lookup limit).
- Your SPF record has syntax errors or multiple SPF TXT records exist for the domain.
- The SPF record includes domains that are known to be malicious or blacklisted.
How to fix
- Check your domain's SPF record using an SPF validator tool.
- Ensure you only have one SPF TXT record per domain.
- Flatten or optimize your SPF record to stay under the 10 DNS lookup limit.
Provider notes
Gmail. States 'The SPF record of the sending domain has one or more suspicious entries. To protect our users from spam, email sent from your IP address has been temporarily rate limited.'
Example bounce
451 4.7.24 The SPF record of the sending domain has one or more suspicious entries.
FAQ
- What is the 10-lookup limit in SPF?
- SPF evaluates mechanisms like 'include', 'a', and 'mx' by performing DNS lookups. To prevent denial-of-service attacks, the RFC limits these lookups to 10. Exceeding this causes SPF to fail.
- How do I fix multiple SPF records?
- Merge them into a single record. For example, instead of two records with 'v=spf1 include:serviceA.com ~all' and 'v=spf1 include:serviceB.com ~all', use one: 'v=spf1 include:serviceA.com include:serviceB.com ~all'.