Summary
When enabling SPF authentication on DDEI, sometimes for a specific domain, DDEI returns "PermError".
Details
"PermError" usually means that the SPF record itself has an error. When DDEI checks SPF, it will first get SPF records. Take test.com as an example:
v=spf1 include:spf-01.test.com include:spf-02.test.com include:spf-03.test.com include:spf-04.test.com include:spf-mmta.test.com include:ess-spf.cloud.test.com ~all
DDEI will then parse all records one by one. If the IP adrress is already included in spf-01.test.com or spf-02.test.com, it will not query records for spf-03.test.com. If DDEI cannot get the client IP until the last records, it will return "PermError".
You may capture network packets of SPF query to find out the above information.
