Using SPF can sometimes be disadvantageous too. Below are a few drawbacks of using SPF.
- Email Forwarding: When an email sent from an authorized IP address is forwarded, the IP address of the person forwarding the email won’t be recorded.
- End-User Discretion: Attackers might build a domain similar to yours. Since the end-users do not check the Return-Path/mailform domain, they might fall victim to phishing attacks from such fake domains.
- Third-Party Vendors: Domain owners depend on third parties that use their domain names. Therefore, there is a constant need to continuously update the SPF record list, which can be inconvenient.
- Limited DNS Lookup: A single SPF record allows checking only 10 DNS lookups.