How does the SPF 10-lookup limit work technically?

SPF lookup counting:

What counts as a lookup:

include: (one lookup, plus included record's lookups)

a: (one lookup)

mx: (one lookup per MX, plus A lookups)

redirect= (one lookup)

exists: (one lookup)

What does not count:

ip4: and ip6: (no lookup, literal values)

all (no lookup)

Recursive counting: include statements cause lookups of the included record, which may have its own includes.

Evaluation: Lookups counted during processing. If count exceeds 10, result is permerror. Authentication fails.

Example: 3 includes, each including 3 more = 3 + 9 = 12 lookups = permerror.

Limited number of cross-reference checks allowed. Exceed the limit and the verification process fails.