What are the best tools and practices for consolidating SPF records?
Summary
What email marketers say9Marketer opinions
Email marketer from GlockApps mentions using SPF record checker tools to identify syntax errors, exceeding lookup limits, and other issues that can impact email deliverability. Regularly check SPF to identify areas that need improvement.
Email marketer from StackExchange Super User talks about SPF best practices - specifically only add domains that send on behalf of your domain, and ensure you are only using the required includes
Email marketer from EasyDMARC shares that Implementing DMARC monitoring provides insights into SPF failures and helps identify which services or domains are causing issues, facilitating a more targeted approach to SPF record consolidation.
Email marketer from Spiceworks community recommends using SPF record aggregation service to regularly comb through SPF records and flatten them.
Email marketer from Mailhardener recommends using dedicated SPF management tools that automate the process of flattening and maintaining SPF records, dynamically updating IP addresses to ensure deliverability.
Email marketer from Email Geeks explains that it's important to ensure the tool regularly checks include/DNS lookups, as IP blocks are added and removed periodically. Also, check for unnecessary include statements in SPF records related to the MAIL FROM address.
Email marketer from Email Geeks mentions that SPF flatteners with access to DMARC reports can identify unnecessary include statements.
Email marketer from Reddit shares the practice of manually consolidating SPF records by copying and pasting IP addresses from included domains into the primary SPF record to avoid excessive DNS lookups.
Email marketer from MXToolbox shares why you can not have multiple SPF records, and that it should be a single TXT record. You have to combine the records to be valid.
What the experts say3Expert opinions
Expert from Spam Resource explains that SPF can cause problems with forwarding because when someone forwards mail, it looks like it's coming from the forwarder, not the original sender, and the SPF check will fail if the forwarder isn't authorized to send mail for the original sender's domain. This isn't directly SPF consolidation, but is vital when consolidating SPF records to ensure legitimate forwarding continues.
Expert from Word to the Wise highlights the importance of maintaining your SPF records up-to-date and removing old entries when you stop using a service. They advise regularly reviewing SPF records as part of regular deliverability tasks.
Expert from Email Geeks shares a tool, autospf.com, that he has used and found to work fine for SPF record consolidation.
What the documentation says4Technical articles
Documentation from Google Workspace Admin Help explains the limitations of SPF records, stating that SPF records must not exceed 10 DNS lookups to prevent SPF validation failures.
Documentation from RFC 7208 defines the syntax and semantics of the Sender Policy Framework (SPF). It outlines how SPF records should be structured, including the use of 'include' mechanisms, 'a', 'mx', and 'ip4/ip6' mechanisms.
Documentation from Cloudflare explains that SPF flattening is a technique used to reduce the number of DNS lookups in an SPF record by replacing include statements with the actual IP addresses, helping to stay within the 10-lookup limit.
Documentation from AuthSMTP explains that reduce your lookups by using ip4 and ip6 definitions instead of includes where possible.