Configuring SPF, MX, and DKIM DNS records is a critical part of ensuring successful email delivery. These records include a TTL (Time to Live) parameter, which tells DNS servers how long to cache their entries. While TTL values are intended to ensure that changes to DNS records propagate within a predictable timeframe, unexpected behavior from some antispam providers can extend the impact of misconfigurations far beyond the TTL limit.
A Real-World Example of SPF Caching Gone Wrong
In one case we observed, Proofpoint, a well-known antispam provider, cached SPF records for longer than their specified TTL. This deviation from standard DNS behavior was likely done for performance reasons, as repeated DNS lookups for cached records can consume additional time and resources.
Our client’s SPF record included an erroneous directive for a short time—perhaps as little as 10 minutes. Despite promptly correcting the error, Proofpoint’s extended caching caused the problem to persist. All emails sent by our client during this period were flagged as failing SPF checks and quarantined by Proofpoint’s antispam system.
Other antispam providers that adhered to the TTL resolved the issue promptly, allowing emails to pass through without further interruption.

This incident underscores several critical points for email administrators:
- Handle DNS Records with Extreme Care
Editing SPF, MX, or DKIM records can have far-reaching consequences. Even small errors in these records can disrupt email delivery, and caching behaviors beyond your control may exacerbate the issue.
- Monitor DMARC Reports Regularly
Timely detection of email authentication issues is essential. Tools that provide automated DMARC monitoring and AI alerts can help quickly identify anomalies, like those caused by cached erroneous SPF records. In this instance, we identified the issue through our DMARC reporting tool and worked with Proofpoint’s support team to resolve it.
- Use Subdomains for Email Sources
To limit the scope of potential issues, consider dedicating a subdomain to each email source. If an SPF record associated with a specific subdomain is misconfigured, the impact will be contained to that source, minimizing disruption to other email flows.
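
As an added illustration of the DMARC monitoring point above (not the reporting tool used in this incident), the Python below reads DMARC aggregate reports and lists receivers that still report SPF failures in report windows beginning after the fix time plus one full TTL, which is what a receiver holding a stale SPF record looks like. The report XML, receiver names, IP addresses, timestamps, and function names are constructed for the example, and reports are assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET  # reports are third-party input: prefer defusedxml in production
from collections import defaultdict

def make_report(org, begin, end, rows):
    """Build a minimal, constructed aggregate report in the RFC 7489 layout."""
    recs = "".join(
        f"<record><row><source_ip>{ip}</source_ip><count>{n}</count>"
        f"<policy_evaluated><disposition>none</disposition><dkim>pass</dkim>"
        f"<spf>{spf}</spf></policy_evaluated></row></record>"
        for ip, n, spf in rows)
    return (f"<feedback><report_metadata><org_name>{org}</org_name>"
            f"<date_range><begin>{begin}</begin><end>{end}</end></date_range>"
            f"</report_metadata>{recs}</feedback>")

def stale_spf_reporters(reports, fix_epoch, ttl_seconds):
    """Return {org: (failed, total)} for reporters still failing SPF in
    report windows that began after the fix plus one full TTL."""
    cutoff = fix_epoch + ttl_seconds
    tally = defaultdict(lambda: [0, 0])
    for xml_text in reports:
        root = ET.fromstring(xml_text)
        org = root.findtext("report_metadata/org_name", "unknown")
        begin = int(root.findtext("report_metadata/date_range/begin", "0"))
        if begin < cutoff:
            continue  # window overlaps the bad record's lifetime: ambiguous
        for row in root.iter("row"):
            count = int(row.findtext("count", "0"))
            tally[org][1] += count
            if row.findtext("policy_evaluated/spf") != "pass":
                tally[org][0] += count
    # Only reporters with at least one failure after the cutoff are of interest.
    return {org: (f, t) for org, (f, t) in tally.items() if f}

# Constructed sample: SPF record corrected at FIX, published with a one-hour TTL.
FIX, TTL, DAY = 1_700_000_000, 3600, 86_400
SAMPLE = [
    make_report("receiver-a.example", FIX - 1800, FIX - 1800 + DAY,
                [("192.0.2.10", 40, "fail")]),   # overlaps the bad record
    make_report("receiver-a.example", FIX + DAY, FIX + 2 * DAY,
                [("192.0.2.10", 55, "pass")]),   # recovered once TTL expired
    make_report("receiver-b.example", FIX + DAY, FIX + 2 * DAY,
                [("192.0.2.10", 30, "fail"), ("192.0.2.10", 5, "pass")]),
]

if __name__ == "__main__":
    for org, (failed, total) in stale_spf_reporters(SAMPLE, FIX, TTL).items():
        print(f"{org}: {failed}/{total} messages failing SPF after fix + TTL")
```

Aggregate reports usually cover a full day, so a window that overlaps the misconfiguration cannot distinguish failures during the error from failures caused by stale caching; only later windows are counted here.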