How does Macro-Flattening work as opposed to normal Flattening? : DuoCircle

What is Macro-Flattening?

Macro-Flattening is a technique that allows for a very large number of IP addresses to be included in your SPF record structure and is the easiest way to break through the cap imposed on normal flattening techniques by the 10-lookup limit in SPF evaluations. This enables virtually unlimited IP addresses to be authorized with minimal DNS lookups. It employs Macro mechanisms within SPF records allowing for dynamic evaluation based on the email being processed. Normal flattening simply maintains a series of very large but static SPF records chained together using the 'include:' mechanism.

How does it work?

AutoSPF will act as if there were one unique SPF record per IP address specified by your SPF record mechanisms. It uses a Macro syntax technique to direct SPF queries to a specific DNS entry depending on the IP address an email was received from. This approach uses only 2 DNS lookups regardless of how many IP addresses are authorized - one for the initial redirect and one for the dynamically constructed record. Here's how this is implemented:

AutoSPF will instruct you to replace your existing SPF record with one containing a redirect like this:

"v=spf1 redirect=yourdomain.com.on.autospf.email"

The SPF record in our DNS that the redirect leads to is in a format like:

"v=spf1 include:%{ir}.yourdomain.com.mcr.autospf.email -all"

%{ir} is a macro defined in the SPF specification (RFC 7208) and it expands to the reversed IP address of the sender.

This record uses the Macro placeholder '%{ir}' to tell the SPF evaluator to dynamically construct a domain based on the sender's IP, and then fetch and evaluate the SPF record from that resulting domain.

Example:

If a message is received from the IP 203.0.113.42, then:

include:%{ir}.yourdomain.com.mcr.autospf.email

becomes

include:42.113.0.203.yourdomain.com.mcr.autospf.email

If the IP address in question fits within your SPF record structure, the AutoSPF DNS servers respond to a request for the SPF record for:

42.113.0.203.yourdomain.com.mcr.autospf.email

with an SPF record generated on the fly containing just the one corresponding IP address:

"v=spf1 ip4:203.0.113.42 -all"

That SPF record will allow the email from 203.0.113.42 to be evaluated with a result of Pass.

If the IP address in question is not found within your SPF record structure, instead, the request will return the following SPF record which will cause a result of Fail for any message:

"v=spf1 -all"

Does Macro-Flattening keep up with changes to the contents of my SPF included domains?

Yes! Just like the standard Flattening service, AutoSPF will regularly monitor all include: mechanisms and other SPF entries within your record to keep the flattened IP address list current with any changes made by your email service providers.

How can I get this?

Macro-Flattening is included with AutoSPF Enterprise subscriptions and is also available to Premium customers for an additional fee. Contact technical support or upgrade your subscription if you need help getting access to this feature.