I've recently noticed that our SPF record is failing because we have 18 SPF records being looked up, which is over the 10 you can have.
Upon further investigation, it appears that the hubspot.com include is responsible for 9 of the 18 lookups (it has a very deep nested lookup function) once you dig into the details.
This is impacting my deliverability across ALL of my emails (our google, our sales orders, etc).
How in the world does a company like Hubspot have such poor structuring that it effectively prevents any other service from using a SPF on their primary domain?
We are a small business and now it seems we need to go about setting up subdomains and a bunch of other overhead to resolve this issue.
Is that the only way to do this? Am I missing something? Can someone at Hubspot explain why it's setup this way?
Thanks for the help and listening to the small vent.
I'm sorry for not following up sooner @kennedyp, it's worth noting @racoman that you actually don't need any SPF records for HubSpot to successfully send email because they are including the necessary info in the email envelope already. You can read more about it in this AMA post. They recommend it because it's preemptive, and I think maybe it's easier to let customers add an SPF than try to explain it's not really needed...or someone working on the tool didn't pick up on the nuance of the new requirements from Google/Yahoo (to their credit, they rolled out the new checks for SPF, DKIM and DMARC in record time).
If my reply answered your question please mark it as a solution to make it easier for others to find.
I removed the hubspot.com SPF lookup - that was the one causing all of the issues. It was doing an additional 9 lookups. Once I did that, I was under the threshold and everything is now fine.
I just find it odd that Hubspot has done such a poor job with how they handle this when sending emails from your CRM is maybe one of the most foundational elements of a CRM.
Hello @racoman , I don't know it is fine for you now. If you want to ensure that SPF and DMARC are set up correctly, you can use our free tool developed for HubSpot users: https://charik.app/verify
I removed the hubspot.com SPF lookup - that was the one causing all of the issues. It was doing an additional 9 lookups. Once I did that, I was under the threshold and everything is now fine.
I just find it odd that Hubspot has done such a poor job with how they handle this when sending emails from your CRM is maybe one of the most foundational elements of a CRM.
@kennedyp - thanks for the quick reply. I understand there are workaround, but it's more of a matter of why hubspot has structured such a critical function in such a way as to make workaround the default.
Some other questions that could prove helpful...
1. Is there a way to isolate the mailservers that hubspot is using for my specific account? That could allow me to reduce the includes?
2. Does hubspot have dynamic ip addresses for email? If so is there a range that could be reliably used to reduce the number of includes?
Thanks for the clarification, @racoman! The IP range covered by the SPF value we provide is the same IP range we provide in this Knowledge Base article. Please note that while rare, these IPs can change at any time which is why we generally advise against hardcoding our IPs into your SPF record, but depending on your circumstance it may be necessary to circumvent the 10 lookup limitation built into the SPF protocol. If you see SPF bounces, you would need to ensure your SPF record has the current IP ranges we provide since they may have changed.
Another alternative is to consider SPF flattening where an SPF value is automatically converted into the IP ranges and then published to their SPF record. Some tools automatically reflatten SPF records when the IP ranges change. I haven't used this service, nor is it HubSpot-approved, so I cannot speak to how reliable it is, but this company is an example that advertises such services.
Maybe another expert has some experience or can confirm my answer above. @Gaurav_Aggarwal have you come across this type of limitation or any workaround? 😊
Did you know that the Community is available in other languages? Join regional conversations by changing your language settings !
Hi @racoman -- thanks for your post. I do apologize for the impact this has had on your business. As you mentioned, you can have up to 10 include: statements for any given domain or subdomain. This Knowledge Base article has more things to consider when using multiple SPFs. It looks like @Josh & @Jnix284 provided a couple of workarounds to try out in this post. I recommend trying those out and then commenting back here and we can ask them for clarification as needed!
Best, Kennedy
Did you know that the Community is available in other languages? Join regional conversations by changing your language settings !
I'm sorry for not following up sooner @kennedyp, it's worth noting @racoman that you actually don't need any SPF records for HubSpot to successfully send email because they are including the necessary info in the email envelope already. You can read more about it in this AMA post. They recommend it because it's preemptive, and I think maybe it's easier to let customers add an SPF than try to explain it's not really needed...or someone working on the tool didn't pick up on the nuance of the new requirements from Google/Yahoo (to their credit, they rolled out the new checks for SPF, DKIM and DMARC in record time).
If my reply answered your question please mark it as a solution to make it easier for others to find.