Automatic Flattening

Automatic Flattening


Automatic flattening is a dynamic feature offered by KDMARC that helps you overcome the problems caused by the SPF limit of a maximum of 10 records. 

What is SPF?

Sender Policy Framework (SPF) is an email authentication protocol that helps in protecting your email domain from being spoofed. However, the SPF specification has a limit of up to 10 DNS lookups to resolve an SPF record fully. As a single email delivery service can use more than one DNS lookups, combining these services can quickly result in the limit being exceeded. For instance, outlook.com uses 8/10 records, gmail.com uses 4/10, Office 365 uses 2/10 and other web hosting providers keep adding additional records, quickly exceeding the imposed limit. 

Problems Caused by SPF Errors

The biggest challenge you can face is that you will not even know when you have exceeded your SPF limit. Once you go over your DNS lookup limit, the domain validation or authentication may break, allowing threat actors to spoof or misuse your domain. This means that once the limit has been exceeded, every email that requires a DNS lookup won't achieve the complete result. You may even have many emails that fail to deliver without giving you any warning.

How to Overcome These Problems?

SPF flattening offers the most effective solution to the problems caused by the SPF lookup limit. Flattening refers to the replacement of all the domains in your SPF record with their respective IP addresses. Doing this waives the need for DNS lookups. However, there are several shortcomings associated with "manual" flattening. Email service providers may modify their IP addresses without notifying you, making your SPF record inaccurate. This can lead to various email delivery problems. To rectify this issue, you will have to monitor your service providers constantly and keep an eye out for these changes. 

How can Automatic SPF Flattening Help?

KDMARC’s Automatic Flattening feature automatically flattens your SPF record, eliminating any effort on your part. You can simply opt for the Automatic Flattening on the KDMARC dashboard for always returning public DNS queries with a flattened SPF record. It also keeps it updated with modified IPs periodically.

How to Opt for Automatic Flattening on KDMARC?

To opt for the Automatic Flattening feature on KDMARC, follow these simple steps:


Step 1: Go to the KDMARC Dashboard and click on Smart SPF.


Step 2: Select Automatic Flattening.



So, avail KDMARC’s automatic flattening feature for hassle-free monitoring and updating your domain’s SPF record. 



The way SPF works, once you exceed your DNS lookup limit, things start to break. The domain authentication or validation may break, or people may be able to spoof your domain for phishing. This means every email that needs a DNS lookup after that won't get the complete result. And since SPF comes with no error handling, you'll just have a bunch of emails that don't get delivered without any obvious warning, unless you know to look for it




    • Related Articles

    • Automatic Subdomain Discovery

      KDMARC offers the Automatic Subdomain Discovery feature that analyzes the entire outbound email channel of your domain and automatically lists down all of its subdomains. You can then apply filters on specific subdomains to see the data specifically ...
    • SMART SPF is not working

      SMART SPF is designed to pick up all your previous SPF records of your domain that have been reflected over your DNS. The aim is to aid in managing your SPF without going to the DNS server. Your SMART SPF might not work due to multiple reasons. Some ...
    • What is DKIM?

      DomainKeys Identified Mail (DKIM) signature proves that the email is authentic and that the sender was authorized to use the domain name in the sender address. DKIM is defined in RFC 6376. To use DKIM, an RSA key pair is created by the system that ...
    • My classification is not working properly

      My classification is not working properly The classification option allows a user to distinguish between threat, authorized and unclassified sources. Besides that, the option helps in establishing a better understanding of each domain. When you ...
    • How Smart DMARC Works?

      KDMARC is an analytical tool that complements the Simple Mail Transfer Protocol (SMTP) by monitoring all three of the standard email authentication protocols namely SPF, DKIM and DMARC. It offers a number of features to secure your email domains ...