Mika56 / PHP-SPF-Check

Simple library to check an IP address against a domain's SPF record
MIT License
44 stars 25 forks

MX record lookups not counted according to RFC 7208 #25

Closed dominics closed 5 years ago

dominics commented 6 years ago

RFC 7208 says:

When evaluating the "mx" mechanism, the number of "MX" resource records queried is included in the overall limit of 10 mechanisms/modifiers that cause DNS lookups as described above.

But countRequest() is only called once, when the MX records are looked up (but not for each record returned that causes an A lookup)

https://github.com/Mika56/PHP-SPF-Check/blob/d5b0aa4fe98577751ccab9e6085f73bd28eccb75/src/SPFCheck.php#L243-L248

There is a check that there aren't more than 10 MX records returned, which matches the following sentence in the RFC ("In addition to that limit, the evaluation of each "MX" record MUST NOT result in querying more than 10 address records"), but the lookup of an MX record seems to only count for one DNS request in total (as far as countRequest() goes).

An example of an SPF record that is accepted that should not be is something like:

v=spf1 mx include:foo.example.com include:bar.example.com

with nine MX records attached to the same domain (should be over the limit as defined in the RFC, as it causes 11 DNS lookups, but this library will only count 3 - before includes are evaluated further).
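
The two counts contrasted in the issue, as an added example that is not part of the original comment or of PHP-SPF-Check. The function name, the `example.org` domain and the stubbed MX answers are constructed, and the per-record mode assumes the `mx` term is charged once per MX record returned, which is the reading that produces the issue's figure of 11.

```php
<?php
// Added example: not code from PHP-SPF-Check. All names here are hypothetical.

const LOOKUP_LIMIT = 10;
// Terms that RFC 7208 lists as causing DNS lookups.
const LOOKUP_TERMS = ['include', 'a', 'mx', 'ptr', 'exists', 'redirect'];

/**
 * Count the lookups charged by the top-level terms of one SPF record.
 * Includes are not followed, matching the "before includes are evaluated" case.
 *
 * @param array<string, string[]> $mxZone constructed stand-in for DNS MX answers
 * @param bool $perMxRecord false: one per "mx" term; true: one per MX record returned
 */
function countSpfLookups(string $record, string $domain, array $mxZone, bool $perMxRecord): int
{
    $terms = preg_split('/\s+/', trim($record), -1, PREG_SPLIT_NO_EMPTY);
    array_shift($terms); // drop the "v=spf1" version tag
    $count = 0;
    foreach ($terms as $term) {
        // Strip the optional qualifier, then split the name from its argument.
        $term = ltrim($term, '+-~?');
        if (!preg_match('/^([a-z]+)(?:[:=]([^\/]+))?/i', $term, $m)) {
            continue;
        }
        $name = strtolower($m[1]);
        if (!in_array($name, LOOKUP_TERMS, true)) {
            continue; // ip4, ip6, all, exp, ... cost nothing
        }
        if ($name === 'mx' && $perMxRecord) {
            $target = $m[2] ?? $domain; // "mx" without an argument uses the current domain
            $count += count($mxZone[$target] ?? []);
        } else {
            $count++;
        }
    }
    return $count;
}

// Constructed data: the record from the issue, on a domain with nine MX records.
$record = 'v=spf1 mx include:foo.example.com include:bar.example.com';
$mxZone = ['example.org' => array_map(fn ($i) => "mx$i.example.org", range(1, 9))];

foreach ([false, true] as $perMxRecord) {
    $n = countSpfLookups($record, 'example.org', $mxZone, $perMxRecord);
    printf("%s: %d lookups, %s\n", $perMxRecord ? 'per MX record' : 'per mx term', $n,
        $n > LOOKUP_LIMIT ? 'over the limit of 10' : 'within the limit of 10');
}
```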