Description
Since f838afb, the gem prioritizes a query to _spf.DOMAIN.EXT instead of using a query to the requested domain itself. This produces invalid results in case a domain publishes SPF records on both _spf.DOMAIN.EXT as well as DOMAIN.EXT.
In general, the only valid SPF record for a domain is in the TXT record of the domain itself. Nowhere in the spec (as far as I'm aware) does it specify that the _spf.DOMAIN.EXT record should be used in preference (or is even valid without explicit rules) rather than the record of the domain itself. Per the RFC, if _spf.DOMAIN.EXT is to be used, it has to be referenced on the domain itself via e.g. an include or redirect rule.
Thus, the automatic check for _spf.#{domain} in SPF::Query.query should preferably be removed completely there, since it produces incorrect results for some domains. It even contradicts the examples from the README.md for e.g. facebook.com.
If it is not possible to remove this check for any reason, it should at least be de-prioritized from the check of the passed domain itself and controlled via a flag.
I'd be happy to provide a pull request to remove or deprioritize this check for _spf.DOMAIN.EXT.
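As an added illustration of the lookup order the issue describes (example code, not the gem's own and not from the issue author): the TXT record of the queried domain is the only authoritative SPF record, and a `_spf.` name is consulted only when that record points at it via `include:` or `redirect=`. DNS answers are a constructed stub hash, and the zone names and addresses are assumed.

```ruby
# Added example, not code from the spf-query gem. Resolves SPF the way
# RFC 7208 describes: start at the domain itself, follow include:/redirect=.
SPF_PREFIX = "v=spf1"

# Constructed stand-in for DNS TXT answers (hypothetical zone data).
STUB_TXT = {
  "example.com"          => ["v=spf1 include:_spf.example.com ~all", "site-verification=abc"],
  "_spf.example.com"     => ["v=spf1 ip4:192.0.2.0/24 -all"],
  "legacy.example"       => ["v=spf1 ip4:198.51.100.1 -all"],
  "_spf.legacy.example"  => ["v=spf1 ip4:203.0.113.1 -all"], # unreferenced: must be ignored
  "redir.example"        => ["v=spf1 redirect=_spf.example.com"],
}

# The single SPF record published on a name, or nil if none (RFC 7208 section 3).
def spf_record(domain, txt = STUB_TXT)
  records = (txt[domain] || []).select { |r| r.split(" ").first == SPF_PREFIX }
  raise "permerror: multiple SPF records on #{domain}" if records.size > 1
  records.first
end

# Returns [names consulted in order, ip4/ip6 mechanisms in effect].
# Enforces the 10-lookup limit of RFC 7208 section 4.6.4.
def resolve_spf(domain, txt = STUB_TXT, visited: [], terms: [], lookups: [0])
  record = spf_record(domain, txt)
  return [visited, terms] if record.nil?   # result "none": no SPF on this name
  visited << domain
  mechanisms = record.split(" ").drop(1)
  has_all = mechanisms.any? { |m| m =~ /\A[+\-~?]?all\z/ }
  redirect = nil
  mechanisms.each do |m|
    if (inc = m[/\A[+\-~?]?include:(.+)\z/, 1])
      lookups[0] += 1
      raise "permerror: too many DNS lookups" if lookups[0] > 10
      resolve_spf(inc, txt, visited: visited, terms: terms, lookups: lookups)
    elsif (target = m[/\Aredirect=(.+)\z/, 1])
      redirect = target
    elsif m =~ /\A[+\-~?]?ip[46]:/
      terms << m
    end
  end
  # redirect= is ignored when the record carries an "all" mechanism (RFC 7208 section 6.1)
  if redirect && !has_all
    lookups[0] += 1
    raise "permerror: too many DNS lookups" if lookups[0] > 10
    resolve_spf(redirect, txt, visited: visited, terms: terms, lookups: lookups)
  end
  [visited, terms]
end
```

Running it against the stub shows that `legacy.example` never touches `_spf.legacy.example`, while `example.com` reaches `_spf.example.com` only through its own `include:`.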