What is SPF flattening?

SPF flattening resolves include: mechanisms to their actual IP addresses and replaces the includes with ip4:/ip6: mechanisms. Since IP mechanisms don't count toward the 10-lookup limit, this eliminates the lookup problem. The result is a longer but lookup-free SPF record.

Why can't I just flatten manually?

You can, but ESP IPs change. Google, SendGrid, Mailgun — they add, remove, and rotate IP addresses regularly. A manually flattened record becomes stale when IPs change. Stale = legitimate email from new IPs fails SPF. Automated flattening tools re-resolve and update daily.

What tools automate SPF flattening?

AutoSPF ($3-10/month): dedicated flattening service. EasyDMARC: includes flattening in their DMARC management platform. dmarcian: SPF management with flattening capabilities. All re-resolve includes daily and update the flattened record automatically.

Is flattening better than subdomain delegation?

Usually no. Subdomain delegation (routing different services through subdomains with separate SPF records) is more reliable, doesn't require ongoing tools, and doesn't break when IPs change. Flattening is a workaround when subdomains aren't feasible (brand requirements, legacy systems).

What are the risks of SPF flattening?

1) Stale IPs: if the flattening tool fails to update, new ESP IPs aren't in your record. 2) Record length: many IPs = long TXT record that some DNS providers truncate. 3) Tool dependency: if your flattening service goes down, updates stop. 4) Multiple TXT records: some flattening creates split records that may cause issues.

SPF Flattening: What It Is, When to Use It, and Tools

How Flattening Works

Before (with includes — 7+ lookups):

v=spf1 include:_spf.google.com include:sendgrid.net include:mailgun.org -all

The include: mechanisms chain to sub-includes:

_spf.google.com → includes _netblocks.google.com, _netblocks2.google.com, _netblocks3.google.com (4 lookups)
sendgrid.net → 1 lookup
mailgun.org → 1 lookup
Total: ~6-7 lookups

After flattening (IPs only — 0 lookups):

v=spf1 ip4:209.85.128.0/17 ip4:74.125.0.0/16 ip4:209.85.160.0/19 ip4:172.217.0.0/16 ip4:167.89.0.0/17 ip4:198.2.128.0/18 ip4:159.135.0.0/17 -all

All the IP ranges from Google, SendGrid, and Mailgun listed directly. Zero DNS lookups needed.

Flattening Tools

AutoSPF

Price: $3-10/month
How it works: You point your SPF to AutoSPF's managed record. AutoSPF resolves all includes daily and serves the flattened IPs.
Setup: Replace your SPF record with a CNAME or redirect to AutoSPF's managed record.

EasyDMARC

Price: Part of DMARC management plans ($8+/month)
How it works: Built-in SPF management with automatic flattening
Bonus: Also handles DMARC monitoring, BIMI, MTA-STS

dmarcian

Price: Part of their platform ($14+/month)
How it works: SPF record management with flattening capabilities

When to Use Flattening

Use flattening when:

Subdomain delegation isn't possible (brand requires root domain for all sending)
Legacy systems can't be moved to subdomains
You need a quick fix while planning subdomain migration
Organization policy prevents subdomain-based email addresses

Don't use flattening when:

Subdomain delegation is feasible (it's more reliable)
You have 3 or fewer sending services (probably under 10 lookups already)
You're not willing to pay for and maintain an automated tool

Flattening vs Subdomain Delegation

Factor	SPF Flattening	Subdomain Delegation
Reliability	Depends on tool uptime	Static DNS, very reliable
Maintenance	Ongoing tool subscription	One-time setup
Cost	$3-15/month	Free (DNS changes only)
IP change handling	Automatic (if tool works)	Not needed (includes still used per subdomain)
DNS record length	Can be very long	Short, clean
From: address impact	None (stays @yourdomain.com)	Changes to @sub.yourdomain.com
Best for	Must-use-root-domain scenarios	Most businesses

My recommendation: Subdomain delegation for 90% of cases. Flattening only when subdomains aren't feasible.

Risks of Flattening

Stale IPs. If your flattening tool fails to update, new ESP IPs aren't in your record. Those new IPs fail SPF. This can happen if the tool subscription lapses, the tool has an outage, or the DNS update mechanism breaks.
Long records. Flattened records with many IPs can exceed DNS TXT record limits (typically 255 characters per string, 4096 bytes total). Multiple TXT strings are needed, which some DNS providers handle poorly.
Tool dependency. Your SPF correctness now depends on a third-party tool running daily. If the tool goes down for a week while an ESP changes IPs, your SPF breaks.
Debugging difficulty. A flattened record with 20 IP ranges is harder to debug than an include-based record where you can see which service maps to which include.

Practitioner note: I recommend flattening to about 10% of my clients — those who absolutely must send everything from the root domain. The other 90% use subdomain delegation, which is simpler, more reliable, and free. If you're considering flattening because "it seems easier than subdomains" — subdomains are actually easier long-term.

Practitioner note: If you do use flattening, set up monitoring. Use MXToolbox SPF Lookup weekly to verify your flattened record is current and valid. If your tool fails silently, you need to catch it before deliverability degrades.

For a deep dive on the lookup limit, see the SPF 10-lookup limit guide. For an alternative approach, see SPF, DKIM, DMARC for multiple senders which covers subdomain delegation. For the complete SPF setup, see the SPF setup guide. If you need help solving the SPF lookup limit for your infrastructure, schedule a consultation.

Sources

RFC 7208: SPF (Section 4.6.4 — DNS Lookup Limits)
AutoSPF: autospf.com

v1.0 · March 2026