**Details** - Point of contact for this request: @ggillies @dawsmith @T4cC0re **SRE Support Needed** we have too many applications that require SPF records to authenticate them as permitted to send on behalf of gitlab.com and if i recall correctly, we can only have ten lookups before it fails https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/8084 we could potentially have two solutions: 1. we should have first level applications that are approved to use the gitlab.com and the rest should use a subdomain. (similar to how we solved this for tipalti) https://gitlab.com/gitlab-com/business-ops/team-member-enablement/issue-tracker/-/issues/977 2. setup more than one sending server as proposed here https://gitlab.com/gitlab-com/business-ops/Business-Operations/-/issues/93 **additional suggestion** 1. provide handbook policy on how to get SPF, DKIM and DMARC help/info/changes 1. have a way to view changes to the records over time (yml? link to MRs?) 1. approval process through enterprise applications to add SPF records in order to prioritize changes cc @pkaldis @ccnelson @bryanwise <!-- please do not edit the below -->