SPF Flattener

RFC 7208 caps an SPF record at 10 DNS lookups end-to-end. Domains that combine Google Workspace, HubSpot, Mailchimp, and a custom relay routinely blow past it — mail starts failing authentication with PermError. This tool recursively expands every include:, redirect=, a, and mx mechanism down to the underlying ip4: / ip6: literals. Result: zero DNS lookups at evaluation time.

We'll fetch the published SPF record and walk every nested include.

or

Useful when you're staging a record before publishing it.

Want continuous monitoring?

This tool is a one-shot check. PhishFence watches your domain 24/7 for DMARC changes, new lookalike registrations, and spoofing attempts.

Start free monitoring