It is very common for organizations, when constructing or modifying their SPF record, to run up against the 10 DNS lookup limit. This limitation restricts the number of DNS lookups that can be performed when an SPF record is evaluated.
SPF records usually contain ‘include’ statements that refer to other domains' SPF records to list servers that are allowed to send on behalf of the organization’s domain. Any parts of the SPF record that are listed after the 10th lookup has been reached will not be evaluated. This means that although you have listed something in your SPF record, it may not be evaluated, causing legitimate services to fail authentication via SPF.
Related article: