Tags: dns, google-apps, spf

SPF record when using Google Mail


I can't seem to find a clear answer for this one, and I don't want to wreck my customer's e-mail. So I'm hoping somebody knows the answer.

I have a customer with an SPF record with too many lookups (12). Apart from the 2 includes which are needed because of third parties, the SPF record is as follows:

v=spf1 a mx include:_spf.google.com include:third_party_URL include:third_party_URL ~all

When I run this through https://easydmarc.com/tools/spf-lookup, I notice it has a lookup for the mx and also for the include:_spf.google.com. But the MX records for this domain all point to 5 (!) different ASPMX.L.GOOGLE.COM-like addresses. So that seems a bit overkill.

Does Google still need the mx in the SPF?


Solution

  • The mx mechanism in SPF means "the mail servers for inbound mail are also used for outbound mail", and for domains using Gmail that is normally true. However, you are already including Google's outbound mail source ranges via the include mechanism, which I would expect to cover all the IPs used in Gmail's MX records too.

    As a result, you should be safe to remove the mx mechanism to save the lookups, but as always with DNS, limit consequences by setting a short TTL until you've confirmed it's working!

    As for why so many MX records, Gmail probably has thousands of mail servers, and they give a random selection of them to you when you set up your domain so that they are free to take servers in and out of service without disrupting your mail. The same can apply to A records, though typically only on larger sites or those using CDNs.
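To make the lookup arithmetic behind this answer concrete, here is an added example (not from the original thread) in Python: a counter for the terms that cost a DNS query under RFC 7208 section 4.6.4, run against a constructed in-memory zone. The shape of the _spf.google.com chain and the two vendor records in ZONE is assumed for illustration, not copied from real DNS; point resolve at a real resolver to check a live domain.

```python
# Added example, not from the original thread. ZONE is a constructed in-memory
# stand-in for live DNS: the shape of the _spf.google.com chain and the two
# vendor records is assumed, not copied from real zones.
ZONE = {
    "example.com": ("v=spf1 a mx include:_spf.google.com "
                    "include:spf.vendor-a.example include:spf.vendor-b.example ~all"),
    "_spf.google.com": ("v=spf1 include:_netblocks.google.com "
                        "include:_netblocks2.google.com include:_netblocks3.google.com ~all"),
    "_netblocks.google.com": "v=spf1 ip4:192.0.2.0/24 ~all",
    "_netblocks2.google.com": "v=spf1 ip6:2001:db8::/32 ~all",
    "_netblocks3.google.com": "v=spf1 ip4:198.51.100.0/24 ~all",
    "spf.vendor-a.example": "v=spf1 include:_spf.vendor-a-cloud.example ~all",
    "_spf.vendor-a-cloud.example": "v=spf1 ip4:203.0.113.0/24 ~all",
    "spf.vendor-b.example": "v=spf1 a:mail.vendor-b.example mx:vendor-b.example ~all",
}

# Mechanisms that cost a DNS query under RFC 7208 section 4.6.4 (plus the
# redirect modifier). ip4/ip6/all are free, which is why flattening helps.
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
LIMIT = 10

def mechanism_name(term):
    """'~include:x' -> 'include', 'a/24' -> 'a', 'ip4:1.2.3.4' -> 'ip4'."""
    return term.lstrip("+-~?").split(":", 1)[0].split("/", 1)[0]

def count_lookups(domain, resolve=ZONE.get, depth=0):
    """Recursively count lookup-causing terms; includes/redirects are followed."""
    record = resolve(domain)
    if not record or depth > LIMIT:  # missing record or runaway include loop
        return 0
    total = 0
    for term in record.split()[1:]:          # skip the 'v=spf1' version tag
        if term.startswith("redirect="):
            total += 1 + count_lookups(term.split("=", 1)[1], resolve, depth + 1)
        elif mechanism_name(term) in LOOKUP_MECHS:
            total += 1
            if mechanism_name(term) == "include":
                total += count_lookups(term.split(":", 1)[1], resolve, depth + 1)
    return total

def lookups_without(domain, *mechs, zone=ZONE):
    """Re-count after dropping the named mechanisms from the domain's own record."""
    trimmed = dict(zone)
    trimmed[domain] = " ".join(t for t in zone[domain].split()
                               if mechanism_name(t) not in mechs)
    return count_lookups(domain, trimmed.get)

if __name__ == "__main__":
    print("as published:", count_lookups("example.com"), "lookups")        # 11, over the limit
    print("without mx:  ", lookups_without("example.com", "mx"), "lookups")  # 10, at the limit
```

With the constructed chain the published record costs 11 lookups and dropping mx brings it to the limit of 10; the mx mechanism itself is a single lookup here because the per-mechanism MX name limit is a separate count in the RFC.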