In the context of SPF (Sender Policy Framework), “permerror” stands for “permanent error.” It is an error condition that occurs when SPF processing encounters a permanent failure or a configuration problem that prevents a definitive determination of the sender’s authorization.
When an email server receives an incoming email, it may perform an SPF check to verify if the sending server is authorized to send emails on behalf of the claimed domain. The SPF record for the domain specifies the authorized mail servers for that domain. During the SPF check, if an error occurs that prevents the proper evaluation of the SPF record, the result is considered a permerror.
Some common causes of permerror in SPF include:
- Invalid syntax: The SPF record may contain syntax errors or be formatted incorrectly, causing the SPF check to fail.
- DNS resolution failures: SPF relies on DNS (Domain Name System) lookups to retrieve the authorized mail servers for a domain. If there are DNS resolution issues, such as timeouts or failures, a permerror may occur.
- Exceeded DNS lookups limit: SPF allows a limited number of DNS lookups during its evaluation. If the SPF record exceeds this limit, it may result in a permerror.
- Invalid or unsupported mechanisms: The SPF record may include unsupported or incorrectly specified mechanisms, resulting in a permerror.
When an email server encounters a permerror during SPF processing, it generally has a policy in place to determine how to handle such errors. The policy may vary depending on the server’s configuration, but common approaches include treating permerror as a “soft fail” (e.g., marking the email as potentially suspicious but still delivering it) or treating it as a “hard fail” (e.g., rejecting the email outright).
It’s important to investigate and address permerror issues promptly to ensure proper email authentication and prevent potential delivery problems or abuse.
*To avoid PERMerror in your SPF use our hosted ioSPF solution.
