Posts tagged ‘dns’

TechStars companies’ hosting decisions

The other day I stumbled across a post on Hacker News titled Chart of YC companies’ hosting decisions. The post caught my attention as it’s always interesting to see the decisions other smart founders are making. Being a TechStars alum, I immediately reached out to the creator, Joel Franusic and asked if we could make a similar chart for TechStars. He agreed and after finding a list of active TechStars companies the new charts are ready.

The charts were generated by an open-source tool built by Joel called domain-profiler. It’s a neat tool and surfaces publicly available information in a really interesting way. It’s also interesting to compare the TechStars graph with the Y-Combinator graph. For example, notice how MediaTemple has a deal with TechStars and gets a much larger slice of the pie for TechStars than YC. Some other things of note about the TechStars graphs:

  • Smaller percentage use Google Apps for email
  • Greater percentage use SSL certificates
  • Greater diversity in web hosts

Joel is a startup evangelist for Microsoft and I look forward to following his work with domain-profiler and other projects.


Too many DNS lookups in an SPF record

I recently noticed I was having new email deliverability issues. It surprised me since things had been going well since switching to AuthSMTP for our outgoing mail. The first thing I checked was my SPF record. It looked like this:

v=spf1 a mx -all

At first glance everything seems okay. Basically it says to include all A records, MX records, and to include the SPF records provided by Google Apps, AuthSMTP and Salesforce. Since that covers every legitimate sender, I finish it off with the -all which indicates a hard fail. Ok, so the syntax is good. You can’t tell that anything is wrong without digging a little deeper. When you actually try to evaluate it you’ll get this error message:

Results – PermError SPF Permanent Error: Too many DNS lookups

After a little research I found out that you are only allowed 10 DNS lookups and fetching the TXT and SPF records count toward that total. That means after you add in the A and MX lookups, we’re at 7 before we even look inside the includes. Let’s pull up the SPF record for Google Apps:


That redirect counts as another DNS lookup. That puts me up to 8 DNS lookups. Thankfully the Salesforce SPF record is nice and clean:

v=spf1 ip4: ip4: ip4: ip4: ip4: mx ~all

That leaves AuthSMTP:

v=spf1 ~all

Ouch! That’s 4 more lookups and the worst part of it is that doesn’t even do anything!

The first thing I did was take out the MX lookup since it’s redundant. I also replaced with which is what it redirects to anyway. Technically, this isn’t a good idea since Google could change it on me — but remember I don’t have a lot of options here. I’m just happy to see my revised record pass the test:

v=spf1 a -all

I also sent an email to the AuthSMTP team. They responded within 30 minutes saying that they would remove the extra DNS record and look at how they can clean things up.

I learned something tonight. Remember to count the DNS lookups in your SPF record. It turns out they can add up faster than points on a teenagers drivers license. And if you’re using a lot of includes like I am, remember to do periodic checks to make sure nothing has changed.


  • I wrote about Sending email through Gmail over a year ago. While I absolutely don’t recommend you try this anymore, it has some useful information on SPF records and email deliverability in general.
  • Kitterman have a great tool to help validate your SPF records.
Nowadays I recommend everyone use SendGrid for sending email