What is SPF Flattening and Should you use it?
The 10 SPF lookup cap introduced by SPF is one of the SPF flattening restrictions. The problem arises from the possibility that a customer uses several separate mail service providers, each of which offers an inclusion mechanism that must be added to DNS in order to authenticate emails using SPF. When 10 SPF lookup limit is exceeded, some receiving MTAs may quit up, which could result in email loss.
Which brings us to the big question should you use SPF flattening? Read and find out.
Table of Content
- What is SPF and How does it work?
- What is SPF flattening?
- SPF Flattening: How Does It Work?
- The risks of SPF record flattening
- Final Thoughts: Should you flatten SPF?
- What to do if I have more than 10 SPF lookups?
What is SPF and How does it work?
Sender Policy Framework (SPF) is an email authentication standard that helps prevent email spoofing by specifying which mail servers are allowed to send email on behalf of a given domain.
When an email is sent, the receiving mail server checks the SPF record of the sender’s domain to verify that the sending mail server is authorized to send an email on behalf of that domain. If the sending mail server is not authorized, the email may be marked as spam or rejected.
What is SPF flattening?
SPF flattening is a process of converting an SPF record into a format that can be more easily read and understood by humans. This process can be useful when trying to troubleshoot SPF issues or when needing to share SPF records with others. There are fewer SPF lookups as a result. Otherwise, the existence of any of these techniques will needlessly increase the number of lookups.
SPF Flattening: How Does It Work?
The SPF flattening feature is built into the software which is used to generate the SPF record. This feature allows you to specify an alternate IP address or hostname that you would like the SPF record to resolve. This is useful if you have a web server or mail server that is behind a firewall or NAT router and is not directly reachable by the outside world. By specifying an alternate hostname or IP address in the SPF record, you can ensure that your server is reachable by everyone.
After the SPF record has been flattened, the domains that the mechanisms had previously directed to are now just represented by a collection of internet protocols in a single SPF record. The flattened SPF record only requires one DNS query, compared to the standard SPF record’s numerous requests. SPF flattening’s main goal is to minimize DNS requests in order to avoid email authentication failure.
The risks of SPF record flattening
As previously discussed, SPF record flattening is a process of breaking up a large SPF record into a series of smaller SPF lookup records that are easier for DNS servers to process. Although this process is often referred to as SPF record flattening, it is technically not flattening, but rather a series of individual records that are all included in the DNS record.
One of the risks of SPF record flattening is that it increases the chances of an SPF record being incorrectly processed. This is because each of the smaller SPF records must be correctly processed in order for the overall SPF record to be correctly processed. If even one of the smaller SPF records is incorrectly processed, the entire SPF record will be incorrectly processed.
Another risk of SPF record flattening is that it increases the chances of an SPF record being incorrectly parsed. This is because each of the smaller SPF records must be correctly parsed in order for the overall SPF record to be correctly parsed.
Final Thoughts: Should you flatten SPF?
We must give email recipients as much useful information as we can if we want to increase email deliverability and decrease spam. Skysnag automates DMARC, SPF, and DKIM for you, saving you the trouble and time required for manual configuration.
Flattening your SPF record does not accomplish that; at most, it lowers the receiver’s network traffic by a few hundred bytes while compromising reliability. You run the risk of configuration errors that could hinder delivery.
What to do if I have more than 10 SPF lookups?
Skysnag’s Genius SPF feature was developed to overcome the 10 SPF lookup limit with no flattening. Don’t go the flattening route, try a smarter way without getting into this hassle. Sign up for a free trial today.
Check your domain's DMARC security compliance
Enforce DMARC, SPF and DKIM in days - not months
Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.