It’s time to bid goodbye to SPF flattening, as DMARCian announced that they’re discontinuing support for SPF flattening. For those who don’t know, SPF flattening is a mechanism that allows domain owners to define a single set of SPF records to govern all subdomains within the domain. But it often led to configuration errors and issues with email authentication. DMARCian emphasized that it’s crucial to adopt a more secure email authentication method like DKIM or DMARC, which eliminates the need for SPF flattening altogether. This announcement comes as part of the industry’s shift towards better email authentication practices in the aftermath of several high-profile phishing attacks targeting business email users. So, wave goodbye to SPF flattening and embrace the future with more secure email authentication measures.
Excerpt from the main article:
SPF flattening is functionality meant to help deal with overly chunky SPF records that contain too many references to too many different service providers or IP addresses.SPF flattening came about to be a solution a very specific problem: That a lot of senders utilize multiple service providers, utilizing business email platforms like Outlook 365 or Google Workspace, CRM tools like Salesforce, ESP tools like Mailchimp, and more. Each of these comes with guidance to add a specific “include” to an SPF authentication record, and if you add enough of these different “includes” from a multitude of providers, you end up with complex DNS records that take far too many DNS lookups to fully process, beyond what is allowed in the SPF specification. Dmarcian indicates that their “SPF Surveyor” was the first tool to help address this problem by reading your existing SPF record, and providing a new, smaller, “flattened” SPF record
DMARCIAN: Ending the SPF Flattening Experiment was originally published on Spam Resource: All Things Deliverability