I was working on figuring out why emails forwarded through cyberpanel weren’t being received at gmail. During the troubleshooting process, I found the following error message when I went into Cloudflare to try to make sure my DNS settings were correct:
The number of lookups on your SPF record exceed the allowed limit of 10. This will result in emails failing SPF authentication.
My spf record was:
v=spf1 ip4:(myIPv4) ip6:(myIPv6) include:mydomain.com ~all
I think I had set that up once before. The example cyberpanel suggests for the spf record is:
v=spf1 a mx ip4:192.168.100.1 ~all
Obviously that does not include the IPv6 address, but it also doesn’t include the “include:mydomain.com” which is probably what the problem is.
Searching for a solution, I found this post on checking SPF DNS settings, and that helped me resolve the issue.
I started with this excellent tool to evaluate my SPF settings. The result was a scary 153 lookups that my SPF was trying to do. It looks like I should not have the include:mydomain.com as I suspected, as that is creating an infinite loop. It seems you are only supposed to include domains outside of your own domain that can be used to send emails. I’ll remove mydomain.com but this is the sort of thing that self-hosting a server leads to – getting beyond my depth. At some point perhaps I will read up more on SPF to better understand.
While that got rid of the error message in cloudflare, my emails were still not being forwarded. My email forwarding problem with Cyberpanel was something different (or at least in addition to this problem).