Menu
Fix deliverability Security Pricing
Theme
Guide

SPF flattening guide.

The 10-lookup limit, safe flattening approaches, and the pitfalls that break email delivery when you flatten incorrectly.

The problem: too many DNS lookups

Every include:, a:, mx:, ptr:, exists:, and redirect= in your SPF record costs a DNS lookup. RFC 7208 limits SPF evaluation to 10 lookups total — including nested lookups inside included records.

Modern organizations often use 5-10 sending services (Google Workspace, SendGrid, Mailchimp, HubSpot, Salesforce, etc.), each requiring their own include:. It's easy to exceed the limit.

What is SPF flattening?

SPF flattening replaces include: mechanisms with the underlying ip4: and ip6: addresses. Since IP mechanisms don't require DNS lookups, this reduces your lookup count without changing which servers are authorized.

Before flattening (3 lookups + nested)
v=spf1 include:_spf.google.com include:sendgrid.net include:mailgun.org ~all
After flattening (0 lookups)
v=spf1 ip4:209.85.128.0/17 ip4:74.125.0.0/16 ip4:167.89.0.0/17 ip4:159.135.0.0/17 ip4:69.72.0.0/16 ~all

The risks of flattening

IP addresses change
Email providers regularly add, remove, and change their sending IP ranges. If you flatten and don't update, your SPF will silently stop authorizing legitimate mail. This is the #1 flattening failure mode.
Record size limits
A single DNS TXT record can hold 255 characters per string (though multiple strings are concatenated). Flattening can produce very long records that hit DNS response size limits. If the response exceeds 512 bytes (UDP), it falls back to TCP, which some resolvers handle poorly.
Loss of visibility
When you use include:, it's clear which provider is authorized. Flattened IP blocks are opaque — you can't tell who owns ip4:167.89.0.0/17 at a glance. This makes debugging harder.

Safer alternatives

1. Remove unused senders
Audit your includes. If you stopped using a marketing tool, remove its include. This is always the first step — it's free, safe, and reduces complexity.
2. Consolidate providers
If you use 3 transactional email services, consider consolidating to 1-2. Fewer providers means fewer includes.
3. Use a dedicated subdomain
Send marketing email from mail.example.com instead of example.com. Each subdomain gets its own 10-lookup budget.
4. Automated flattening services
If you must flatten, use an automated service that re-resolves IPs on a schedule and updates your record. Never manually flatten and forget — the IPs will change.
Related tools
Let us handle it
DNS Doctors monitors your SPF lookup count, alerts you when you're close to the limit, and can manage flattening for you.
Learn more