If you run a service which might be responsible for sending mails on behalf of a customer, and consequently have an SPF record they need to "include:" in their own, I think that you should probably review it and see if you have an excessive number of DNS lookups in your SPF record.
The problem is that if a customer of more than one of these mail service providers, and they have multiple include elements in their SPF record, it’s all too easy to breach the 10 DNS lookup limit, which could lead to random email loss (recipient MTAs giving up on DNS lookups and bouncing/rejecting legitimate emails).
For instance (at the time of writing), include:_spf.salesforce.com resolves to the following: -
"v=spf1 include:_mtablock1.salesforce.com ip4:220.127.116.11/28 ip4:18.104.22.168/28 ip4:22.214.171.124/26 ip4:126.96.36.199/26 ip4:188.8.131.52/26 ip4:184.108.40.206/26 ip4:220.127.116.11/26 ~all"
which leads to include:_mtablock1.salesforce.com: -
"v=spf1 ip4:18.104.22.168/28 ip4:22.214.171.124/28 ip4:126.96.36.199/28 ip4:188.8.131.52/28 ip4:184.108.40.206/27 ip4:220.127.116.11/27 ip4:18.104.22.168/28 ip4:22.214.171.124/28 ip4:126.96.36.199/28 ip4:188.8.131.52/27 ip4:184.108.40.206/27 ~all"
Now, most of the SPF include records I’ve seen, are perfectly able to live in a single, long DNS record - longer than 255 characters - simply by separating them with '" " ' (an end quote, a space, a start quote and a space) - these breaks are not seen in the final record - See the Internet Systems Consortium Knowledge Base article, Can I have a TXT or SPF record longer than 255 characters? (https://kb.isc.org/article/AA-00356/0/Can-I-have-a-TXT-or-SPF-record-longer-than-255-characters.html
You can easily check the number of DNS lookups an SPF record requires, using dmarcian - SPF Surveyor (https://dmarcian.com/spf-survey/_spf.salesforce.com
In your case, you could flatten/minimise the records like so (the record is 2x <255 character sections): -
_spf.salesforce.com IN TXT "v=spf1 ip4:220.127.116.11/28 ip4:18.104.22.168/28 ip4:22.214.171.124/26 ip4:126.96.36.199/26 ip4:188.8.131.52/26 ip4:184.108.40.206/26 ip4:220.127.116.11/26 ip4:18.104.22.168/28 ip4:22.214.171.124/28 ip4:126.96.36.199/28 ip4:188.8.131.52/28" " ip4:184.108.40.206/27 ip4:220.127.116.11/27 ip4:18.104.22.168/28 ip4:22.214.171.124/28 ip4:126.96.36.199/28 ip4:188.8.131.52/27 ip4:184.108.40.206/27 ~all"
This change above, will allow the customer to safely include: your SPF record in theirs, so that you can continue to maintain the list of your IPs. Any solution that suggests that the customer put your IPs directly into their SPF record, is untenable.
I firmly believe that this small improvement in efficiency (1 fewer DNS lookup), as well as benefiting my company (as our SPF record is overcrowded), it should have a positive effect on the number of DNS queries the SalesForce DNS service will have to perform (~half as many). A 50% reduction in DNS server resources! I have no idea how large your infrastructure is, but that sort of increase in efficiency, could actually equate to a tangible cost saving.