-
Mostly already answered, please do note including Google this way is wrong – you want to use
_spf.google.com
or incur a penalty for the redirect:○ → host -t txt aspmx.googlemail.com aspmx.googlemail.com descriptive text "v=spf1 redirect=_spf.google.com" ○ → host -t txt _spf.google.com _spf.google.com descriptive text "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
That lookup will consume 5/10 all on its own – 4/10 still sucks but 20% less.
-
It will stop processing and return a permanent error – it’s up to the engine using the SPF to decide how it wants to treat a permanent error.
-
Yes – without the processing limits SPF mechanisms could be used as a DoS amplifier against a third party or second party.
As a workaround, emails can come from a subdomain of the main property – community.largecorporation.com
for instance.