Email Security2026-04-039 min read

What is SPF flattening?

A practical guide to SPF flattening, including what a flattened record looks like, why teams consider it, and what risks it introduces.

What SPF flattening means

SPF flattening is the process of replacing include-based SPF mechanisms with direct IP address entries (ip4 and ip6).

Instead of relying on recursive lookups to external domains, a flattened record lists all authorised sending IPs explicitly.

Why teams consider flattening

Flattening is typically considered when an SPF record approaches or exceeds the 10 DNS lookup limit imposed by the SPF specification.

It can also make the effective sending infrastructure more visible by consolidating all allowed IPs into a single record.

Standard vs flattened SPF example

A typical include-based SPF record might look like:

example.com. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com include:_spf.google.com -all"

A flattened equivalent would expand those includes into explicit IP ranges:

example.com. 3600 IN TXT "v=spf1 ip4:203.0.113.10 ip4:203.0.113.11 ip4:203.0.113.12 ip6:2001:db8::1 -all"

This removes recursive lookups but requires manual or automated maintenance.

How SPF lookup limits relate to flattening

SPF evaluation is limited to 10 DNS lookups, including mechanisms like include, redirect, mx, and a.

Exceeding this limit results in a permerror, which can cause legitimate email to fail authentication.

v=spf1 include:a.example.com include:b.example.com include:c.example.com include:d.example.com include:e.example.com include:f.example.com include:g.example.com include:h.example.com include:i.example.com include:j.example.com include:k.example.com -all

In this example, the lookup limit would be exceeded, making flattening or restructuring necessary.

Benefits

  • Eliminates recursive DNS lookups during SPF evaluation
  • Reduces risk of exceeding the 10 lookup limit
  • Provides a clear, explicit view of authorised sending IPs

Risks

  • Third-party provider IP ranges may change without notice
  • Flattened records can quickly become outdated
  • Manual maintenance increases operational overhead
  • Large flattened records may approach DNS size limits

What to check before flattening

  • Current SPF lookup count and whether it exceeds limits
  • Which sending services are actually required
  • How frequently provider IP ranges change
  • Whether automation is available to keep the record updated
  • Whether restructuring (e.g. removing unused includes) is sufficient instead
# Check SPF record
dig TXT example.com

# Identify includes
nslookup -type=txt example.com

When flattening makes sense

Flattening can be useful in controlled environments where sending IP ranges are stable and well understood.

It is often combined with automation tools that periodically rebuild SPF records based on provider data.

Without automation, flattening introduces risk and should be approached carefully.

Common mistakes

  • Flattening without ongoing maintenance or automation
  • Not validating that all required IPs are included
  • Breaking SPF alignment by removing necessary includes
  • Assuming flattening is always required instead of optimising the record

Related Tools

All Articles

Browse the full learning library.

DNS Audit

Run a broader DNS and email configuration audit.

Email Security Check

Review SPF, DMARC, DKIM, MTA-STS, TLS-RPT, and BIMI together.