Condense SPF records to network blocks to avoid DNS Lookup Limits

|Build Status|


We had a problem in our organisation that caused our SPF records to become invalid:

When customers' computers queried our SPF records, more than 10 lookups were required after following all of the ``include:`` mechanisms.

Solution? Query them ourselves, and create a much more condensed list of SPF records.

But wait... What if the downstream records change?

Part of what the script does is create a JSON file that keeps track of the last list of IP addresses that your combination of SPF records had.

When the hashsum of your IP addresses changes, it will send out an email (or just dump HTML if it can't find an email server) with a handy diff and BIND format for viewing what has changed, so that you can promptly update it.

You could theoretically extract the flat IP records from the resulting JSON file and automatically update your DNS configuration with it.
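
The condense-and-compare cycle described above, as an added sketch that is not the project's own code: it uses the standard-library ``ipaddress`` module rather than netaddr, and the state layout (``sum``/``ips`` keys), function names and sample addresses are assumptions made for illustration.

```python
import hashlib
import ipaddress
import json

# Constructed sample input (documentation address ranges), not real SPF data.
SAMPLE = ["192.0.2.128/25", "192.0.2.0/25", "198.51.100.5", "198.51.100.4",
          "2001:db8:8000::/33", "2001:db8::/33"]


def condense(entries):
    """Merge addresses/CIDRs into the fewest covering networks per IP version."""
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    merged = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IPv4/IPv6 input
        family = [n for n in nets if n.version == version]
        merged += [str(n) for n in ipaddress.collapse_addresses(family)]
    return merged


def to_mechanisms(networks):
    """Render networks as ip4:/ip6: mechanisms, which cost no DNS lookups."""
    return ["ip%d:%s" % (ipaddress.ip_network(n).version, n) for n in networks]


def check(state_json, zone, entries):
    """Compare the condensed set with the stored one.

    Returns (changed, diff, new_state_json). The JSON layout is hypothetical.
    """
    state = json.loads(state_json) if state_json else {}
    current = condense(entries)
    digest = hashlib.sha256("\n".join(current).encode()).hexdigest()
    previous = state.get(zone, {})
    old = set(previous.get("ips", []))
    diff = {"added": sorted(set(current) - old),
            "removed": sorted(old - set(current))}
    state[zone] = {"sum": digest, "ips": current}
    return previous.get("sum") != digest, diff, json.dumps(state, sort_keys=True)


if __name__ == "__main__":
    changed, diff, saved = check("", "example.com", SAMPLE)
    print(" ".join(["v=spf1"] + to_mechanisms(condense(SAMPLE)) + ["-all"]))
    print("changed:", changed, diff)
```

Because the hash is taken over the condensed, sorted networks, reordered or overlapping upstream records do not trigger an alert; only a real change in covered address space does.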

How do I install it?

via git clone

Clone this repo and run

.. code:: shell

    pip install -r requirements.txt
    python setup.py install

You can also do this from within a virtualenv if that tickles your fancy (I recommend it).

via pip

.. code:: shell

    pip install sender_policy_flattener

This package also supports RPM builds:

.. code:: shell

    yum -y install rpm-build
    python setup.py bdist_rpm

How do I use it?

Python 2.6, 2.7, or 3.3+ is required.

Here's the usage:

.. code:: shell

    usage: spflat [-h] [-c CONFIG] [-r RESOLVERS] [-e MAILSERVER] [-t TOADDR]

    A script that crawls and compacts SPF records into IP networks. This helps to
    avoid exceeding the DNS lookup limit of the Sender Policy Framework (SPF)

    optional arguments:
    -h, --help show this help message and exit
    -c CONFIG, --config CONFIG
    Name/path of JSON configuration file
    Comma separated DNS servers to be used
    Server to use for mailing alerts
    Recipient address for email alert
    Sending address for email alert
    -s SUBJECT, --subject SUBJECT
    Subject string, must contain {zone}
    The domain which emails are being sent from
    -d DOMAINS, --domains DOMAINS
    Comma separated domain:rrtype to flatten to IP
    addresses. Imagine these are your SPF include
    -o OUTPUT, --output OUTPUT
    Name/path of output file


.. code:: shell

    spflat --resolvers, \
        --to \
        --from \
        --subject 'SPF for {zone} has changed!' \
        --domains,, \


.. code:: shell

    spflat --config spf.json

You can specify a config file, or you can specify all of the optional arguments from the command line.

I've provided a ``settings.json`` file containing an example configuration.

3rd party dependencies

* netaddr
* dnspython

Example email format

|Example screenshot|

.. |Build Status| image::
.. |Example screenshot| image::


Files for sender-policy-flattener, version 0.2.3

* sender_policy_flattener-0.2.3.tar.gz (8.4 kB), file type: Source
