Glossary

What Is SPF Flattening?

Written by Jack Zagorski | Oct 6, 2025 8:59:58 AM

What is SPF Flattening?

SPF flattening is the process of replacing “include” mechanisms in an SPF record with the resolved IP addresses of the referenced domains. This technique reduces DNS lookups to stay within the DNS lookup limit of 10, preventing authentication failures caused by overly complex records. Flattening simplifies SPF resolution but introduces challenges in long-term maintenance.

Flattening is often used when a domain relies on multiple third-party mail senders, each contributing several “include” statements. Without flattening, these nested includes can easily exceed DNS query limits during SPF evaluation, leading to a “permerror.”

How SPF Flattening Works

When flattening, an SPF record such as:

v=spf1 include:_spf.google.com include:_spf.mailprovider.com -all
 

is expanded to show the resolved IPs directly:

v=spf1 ip4:192.0.2.0/24 ip4:203.0.113.0/25 -all
 

This eliminates DNS recursion and ensures faster, more reliable lookups.

Pros and Cons of SPF Flattening

Advantages:

  • Reduces DNS lookups below the 10-query limit
  • Prevents SPF “permerror” authentication failures
  • Improves lookup performance and response time

Disadvantages:

  • Flattened IPs must be updated manually when sender infrastructure changes
  • Records become longer and harder to maintain
  • Increased risk of outdated IPs causing false SPF failures

Best Practices for SPF Flattening

If SPF flattening is required, follow these guidelines:

  • Automate the flattening process with scripts or DNS management tools
  • Regularly refresh flattened records to capture updated sender IPs
  • Document all third-party senders and confirm their IPs before publishing
  • Monitor DMARC reports for authentication consistency

SPF Flattening and DMARCeye

DMARCeye helps identify SPF records that exceed lookup limits and recommends flattening where necessary. The platform visualizes SPF dependency chains, highlights risky “include” loops, and alerts users when changes in third-party mail systems affect authentication results.

By combining SPF analysis with DMARC reporting, DMARCeye enables organizations to manage complex sender infrastructures efficiently while maintaining authentication reliability and compliance.

Sign up for a free trial of DMARCeye today and secure your email domain.

To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.
View full post