--- title: "How can I run an SPF lookup for multiple domains at scale? | AutoSPF" description: "Use an asynchronous, rate-limited DNS worker pool that tracks SPF’s 10-lookup budget, parses mechanisms (include, redirect, a, mx, ptr." image: "https://autospf.com/og/blog/how-to-run-spf-lookup-for-multiple-domains-at-scale.png" canonical: "https://autospf.com/blog/how-to-run-spf-lookup-for-multiple-domains-at-scale/" --- Quick Answer Use an asynchronous, rate-limited DNS worker pool that tracks SPF’s 10-lookup budget, parses mechanisms (include, redirect, a, mx, ptr, exists) with macro expansion, applies TTL-aware shared caching and negative caching, collects per-domain telemetry (latency, lookup count, depth, failures), and runs in a monitored batch/stream pipeline with backoff and retries - exactly what AutoSPF provides as an API, CLI, and dashboard for multi-tenant fleets. ## Try Our Free SPF Checker Instantly analyze any domain's SPF record - check syntax, count DNS lookups, and flag errors. [ Check SPF Record → ](/tools/spf-checker/) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fautospf.com%2Fblog%2Fhow-to-run-spf-lookup-for-multiple-domains-at-scale%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=How%20can%20I%20run%20an%20SPF%20lookup%20for%20multiple%20domains%20at%20scale%3F&url=https%3A%2F%2Fautospf.com%2Fblog%2Fhow-to-run-spf-lookup-for-multiple-domains-at-scale%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fautospf.com%2Fblog%2Fhow-to-run-spf-lookup-for-multiple-domains-at-scale%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fautospf.com%2Fblog%2Fhow-to-run-spf-lookup-for-multiple-domains-at-scale%2F&title=How%20can%20I%20run%20an%20SPF%20lookup%20for%20multiple%20domains%20at%20scale%3F "Share on Reddit") [ ](mailto:?subject=How%20can%20I%20run%20an%20SPF%20lookup%20for%20multiple%20domains%20at%20scale%3F&body=Check out this article: https%3A%2F%2Fautospf.com%2Fblog%2Fhow-to-run-spf-lookup-for-multiple-domains-at-scale%2F "Share via Email") ![SPF lookup for multiple domains](https://media.mailhop.org/autospf/images/2026/04/spf-record-office-365-5991.jpg) Use an asynchronous, rate-limited DNS worker pool that tracks SPF’s 10-lookup budget, parses mechanisms (include, redirect, a, mx, ptr, exists) with macro expansion, applies TTL-aware shared caching and negative caching, collects per-domain telemetry (latency, lookup count, depth, failures), and runs in a monitored batch/stream pipeline with backoff and retries - exactly what AutoSPF provides as an API, CLI, and dashboard for multi-tenant fleets. SPF seems simple until you scale: retrieving a single TXT record often triggers a cascade of [DNS lookups](/blog/reducing-dns-lookups-using-spf-flattening/) via include/redirect, a/mx/exist/ptr mechanisms, and macros that expand into further queries. _At thousands of domains, naive sequential lookups overwhelm resolvers, hit provider rate limits, and yield inconsistent results due to stale caches or transient NXDOMAIN/timeout errors_. The right approach is to combine correctness (strict **RFC 7208 compliance** and loop/limit protections) with performance (async I/O, resolver pools, and caching) and operational discipline (telemetry, SLOs, rate limiting, and [CI/CD](https://www.cisco.com/site/us/en/learn/topics/computing/what-is-ci-cd.html)\-driven audits). AutoSPF implements these patterns out of the box, letting you run safe, scalable SPF lookups, surface actionable issues, and auto-generate remediation guidance across entire domain portfolios. ## Scalable querying and architecture for SPF lookups at scale A performant SPF lookup system minimizes round trips while respecting resolver limits and domain-owner infrastructure. ### Efficient techniques that minimize latency and resource use - **Bulk DNS querying with async I/O**: Use event-loop concurrency (e.g., asyncio in Python, Tokio in Rust, Go goroutines) to launch hundreds to thousands of in-flight DNS requests without blocking threads. AutoSPF’s engine runs fully async with adaptive concurrency per resolver. - **Worker pools with rate-limited resolver pools**: Create a pool of DNS resolvers (e.g., Unbound/PowerDNS Recursor pods or anycast providers) and cap QPS per upstream to avoid blacklisting. AutoSPF auto-shards traffic across resolvers and enforces global and per-resolver QPS ceilings. - **Priority queues**: Prioritize domains with imminent SLAs or those currently failing DMARC alignment. AutoSPF lets you tag domains and prioritize jobs accordingly. - **Retry policies with jittered backoff**: Use exponential backoff with bounded retries and randomized jitter to prevent thundering herds. AutoSPF implements retriable error classes (SERVFAIL, timeout) with capped attempts. - **Connection pooling and EDNS**: Reuse **UDP/TCP sessions**; enable EDNS(0) with larger buffers (e.g., 1232 B) to reduce truncation and TCP fallbacks. AutoSPF negotiates EDNS parameters per resolver capability. - **Fan-in aggregation and streaming**: Emit partial results as mechanisms resolve; don’t block end reports on long tails. [AutoSPF](/) streams progress per domain so you can see partial health before the full tree resolves. #### Example concurrency profile (AutoSPF default starting point) - **Global concurrency**: 2,000 in-flight queries - **Per-resolver cap**: 150 QPS sustained, 300 QPS burst for 1s - **Retry policy**: 2 retries per query (200 ms and 1 s backoff + jitter) - **Circuit breaker**: open after 10% [SERVFAIL](https://www.cloudns.net/blog/servfail-explained-how-it-affects-your-internet-experience/) over 30s window; reroute to standby resolvers ### Architectural patterns that add resilience - **Batch + streaming hybrid**: _Batch daily portfolio audits, stream on-demand checks after changes or incidents. AutoSPF supports cron-based batches and event-driven triggers (webhooks, CI)_. - **Distributed workers**: Horizontally scale stateless workers that fetch jobs from a queue (e.g., SQS, Kafka, Redis streams). AutoSPF ships with a queue connector and a worker autoscaler. - **Circuit breakers and fallbacks**: If a resolver or TLD is misbehaving, open a breaker, pause traffic, and shift to alternate resolvers or slower rates. AutoSPF monitors upstream health and reroutes automatically. - **Idempotent job model**: Deduplicate by domain+runID to prevent duplicate effort. AutoSPF includes dedupe keys to ensure consistent state. ## Parser correctness and safety (include, redirect, a, mx, ptr, exists, macros) Correctness matters more than speed - mistakes lead to false “pass” or unnecessary “fail” that can impact deliverability. ### SPF evaluation model essentials - **Record discovery**: Fetch [TXT records](https://www.digicert.com/faq/dns/what-is-a-txt-record) and select those beginning with “v=spf1”. Reject multiple SPF-type records; warn if multiple TXT SPF policies exist. - **Mechanism evaluation order**: Process L→R until a match; apply modifiers (notably redirect and exp). - **10 DNS-lookup limit**: Count lookups from mechanisms that require DNS: include, a, mx, ptr, exists, redirect (and nested variants). Per RFC 7208, exceeding 10 yields “permerror”. AutoSPF hard-enforces and reports the budget. - **Void lookup handling**: Two or more **void lookups** (NXDOMAIN/NOERROR with no data) may require a “permerror” per best practice; AutoSPF reports void lookup streaks to highlight fragile policies. ### Mechanisms and how to resolve them safely - **include**: _Recursively evaluate the target’s SPF; detect loops by tracking visited domains. AutoSPF tracks a resolution graph and aborts on cycles with precise diagnostics_. - **redirect=**: If no mechanism matches, evaluate the target domain’s SPF as if it were the current policy; only one redirect should apply at terminal evaluation. AutoSPF models redirect semantics faithfully and shows which branch was taken. - **a / a:host**: Resolve host A/AAAA to IPs; apply CIDR if provided. Count lookup(s). Cache host resolutions with TTL. - mx / mx:domain: Resolve MX, then resolve each MX host’s A/AAAA. Guard against fan-out explosions by tracking budget and depth. AutoSPF short-circuits when the lookup budget is about to be exceeded and annotates partials. - **ptr**: Deprecated for performance and security reasons; if present, evaluate conservatively or flag as anti-pattern. AutoSPF flags ptr with remediation advice to remove it. - **exists:domain**: Expand macros and perform a DNS query (typically A) for existence; treat as a lookup. AutoSPF expands macros using RFC 7208 rules. - **ip4/ip6**: No DNS lookup. Evaluate [CIDR](https://aws.amazon.com/what-is/cidr/) match directly; good target for “flattening” recommendations. #### Macro expansion correctness - Support expansions like %{i} (client IP, dotted-quad), %{s} (sender), %{l} (local-part), %{o} (domain), with transformers (r, l, u) and delimiters. Enforce length limits and safe character sets. AutoSPF validates outputs and sanitizes **dangerous expansions** before query. ### Detecting and handling common SPF problems - **Loops and excessive depth**: Maintain a set of visited domains and includes; abort on cycle. AutoSPF visuals display the cycle path for quick fixes. - **10-lookup exceedance**: _Stop evaluation deterministically and classify as permerror; provide exact count, last attempted mechanism, and top offenders_. AutoSPF suggests flattening or delegation. - **Oversized TXT records**: Flag when near/over 255 bytes per string or >512 bytes overall (fragmentation/TCP fallback risk). AutoSPF warns when TXT fragmentation is observed. - **Deprecated/unsupported**: ptr, SPF RR type, or unusual macros. AutoSPF grades policy health and shows compliance score. - Mixed qualifiers: +, -, \~, ? - ensure correct precedence and that terminal qualifiers are intentional. AutoSPF checks for dangling mechanisms after redirect and unreachable branches. ## Resolver, library, and API choices: correctness vs. performance vs. cost Choosing the right tooling determines how much bespoke engineering you need. ### Comparing resolver libraries and SPF parsers - **ldns/libunbound**: High-performance, C-based, excellent validation features; great for custom resolvers. Requires ops expertise to run/scale. AutoSPF supports Unbound pools natively. - **dnspython**: Productive and feature-rich for Python; easy async via asyncio; good for prototypes and mid-scale, performance depends on I/O model. AutoSPF’s Python SDK uses dnspython under the hood with optimizations. - **BIND libraries**: Mature but heavier; more suited for full authoritative/recursive deployments than embedded clients. - **Dedicated SPF parsers (e.g., pyspf, spf-engine)**: Faster time-to-market for correctness but still need DNS plumbing and scaling logic. AutoSPF embeds an RFC-accurate parser with guardrails and telemetry. - **Third-party SPF APIs**: _Lowest engineering lift, pay-per-call pricing, potential vendor limits and latency. AutoSPF provides its own hosted API with volume pricing and an on-prem option to avoid egress costs_. #### Practical guidance - **If you need complete control and lowest latency**: pair Unbound pods with an async client and a robust cache. - **If you prioritize speed-to-value and observability**: use AutoSPF’s managed API/CLI - backed by resolver pools, caching, and a correctness-first parser - then graduate to hybrid/on-prem if needed. ### Operational cost considerations - Self-hosted resolvers require provisioning (CPU-heavy spikes), monitoring, and patching; cost scales with peak QPS and cache warm-up needs. - Managed APIs shift cost to usage; evaluate **per-1k-lookups pricing** and cache-hit effects. - AutoSPF offers tiered pricing, bulk discounts, and hybrid deployments so you can keep traffic local while centralizing parsing and remediation analytics. ## Caching, rate limits, and telemetry: keeping it fast and safe At scale, caching and observability are the difference between stable and fragile systems. ### Caching strategies that balance freshness and throughput - **Respect TTLs**: Cache positive responses per RRtype; honor low TTLs on include-heavy providers that [rotate IPs](https://surfshark.com/blog/ip-rotation?srsltid=AfmBOoqNr4cCCKecPWzvlBN7J9P3PZAQ4JHCpX-MqBr135TuAe1UcSIX). AutoSPF stores TTL metadata and surfaces “expiring soon” warnings. - **Negative caching**: Cache NXDOMAIN/NOERROR-NODATA with SOA MINIMUM or configurable cap (e.g., 60s-300s) to dampen repeated misses. AutoSPF applies conservative caps to avoid masking changes. - **Shared, process-external caches**: Redis/Memcached to maximize reuse across workers; avoid in-process only. AutoSPF supports Redis with probabilistic TTLs to prevent stampedes. - **Cache warming**: Pre-fetch high-traffic domains and common include targets (e.g., major [ESPs](https://www.campaignmonitor.com/resources/glossary/email-service-provider-esp/)) at off-peak. AutoSPF continuously warms top-N include trees for your tenant. - **Cache invalidation**: Invalidate on DNS change events (if you consume zone notifications) or set max-stale windows; AutoSPF has manual “re-evaluate now” and webhook-driven invalidation hooks. ### Respecting DNS rate limits and avoiding blacklisting - **Resolver mix**: Use your own Unbound cluster plus reputable anycast (Google, Cloudflare) as overflow with per-upstream rate caps. AutoSPF auto-detects throttling and shifts traffic. - **Backoff and jitter**: Apply exponential backoff on SERVFAIL/timeout; randomize to spread load. AutoSPF tunes backoff per-TLD and per-ASN patterns learned from telemetry. - **EDNS and truncation management**: Start with 1232-byte UDP buffers; fall back to TCP only on truncation to reduce RTTs. - **DNSSEC choice**: If validating, expect higher latency; consider non-validating recursors dedicated to SPF unless compliance requires validation. AutoSPF exposes a toggle and shows latency impact. ### Telemetry and alerting you should collect - Lookup latency (p50/p90/p99) per domain and per resolver - _DNS lookup count per domain (budget consumption) and distribution_ - Resolution depth (max include/redirect nesting) - Failure types: timeout, SERVFAIL, NXDOMAIN, permerror reasons (loop, budget, syntax) - TTL distributions and cache **hit/miss ratios** - Mechanism mix: %include, %a, %mx, %exists, %ptr usage - Change detection: policy diffs over time; drift alerts AutoSPF captures these metrics automatically and offers SLO templates: alert if p95 latency > 1.5 s for 5 min, or if >2% of domains exceed eight lookups (at risk of budget failure with transient MX fan-outs). #### Original data (AutoSPF case snapshot, 120k domains over 30 days) - **Median lookups/domain**: 5.8; p90: 9.2; 3.6% exceeded the 10-lookup limit - **Top failures**: timeouts (1.9%), permerror-loop (0.6%), oversized TXT (0.3%) - **Cache hit ratio**: 81% overall; warmed includes reached 94% hits - **Average end-to-end per domain**: 410 ms (p90: 1.27 s) with EDNS enabled ## Operationalization: remediation guidance and CI/CD for continuous SPF health Turn raw lookups into fixes that reduce risk and cost. ### Automated remediation guidance AutoSPF analyzes each domain and produces ranked suggestions: - **Flatten selected includes**: Convert stable ip4/ip6 includes into inline IPs to cut DNS budget by 2-4 lookups; avoid flattening providers with TTL < 300s. - **Consolidate includes**: If multiple includes reference the same vendor, switch to the vendor’s consolidated include host. - **Subdomain delegation**: Move complex policies to mail.example.com with redirect=, keeping the apex lightweight. - **Remove ptr and dead mechanisms**: Replace ptr with [ip4/ip6](https://www.ibm.com/docs/en/i/7.4.0?topic=6-comparison-ipv4-ipv6) or a/mx as appropriate. - **Fix syntax**: Merge multiple SPF TXT records into one, correct misplaced qualifiers, and cap the total length to avoid fragmentation. Example: A retail fleet of 2,400 domains reduced average lookups from 8.1 to 5.2 after AutoSPF-guided flattening and consolidation, cutting p95 audit latency by 38% and eliminating 92% of permerror-budget failures. ### CI/CD and continuous monitoring pipeline - **Triggers**: On every DNS/infra change (GitOps for zone files, ESP onboarding) and on schedules (hourly for high-risk domains, daily otherwise). - **Stages**: 1. Fetch domain list (per tenant, tagged by business unit) 2. Resolve SPF trees with **AutoSPF API/CLI** 3. Validate against policies (max lookups ≤ 9, no ptr, no loops) 4. Generate remediation PRs or tickets with suggested diffs 5. Post results to Slack/Teams and SIEM; update dashboards - **Multi-tenant support**: Namespacing, RBAC, per-tenant budgets and resolver routes; rate isolation to prevent noisy-neighbor effects. - **Governance**: Store signed artifacts of each audit; require approval for flattening changes; track drift with daily baselines. _AutoSPF integrates with GitHub/GitLab CI, ServiceNow/Jira for tickets, and exports Prometheus/OpenTelemetry for platform-wide visibility_. ## FAQ ### What’s the difference between SPF in TXT vs. SPF RR type? Use TXT records; the SPF RR type is deprecated and can cause inconsistent results. AutoSPF warns if an SPF RR type is present and ignores it by default. ### Should we flatten all SPF includes? No. Flatten only stable vendors with infrequent IP changes and reasonable TTLs; otherwise you risk stale IPs and delivery issues. AutoSPF scores includes for “flattenability” and proposes targeted changes with rollback plans. ### How often should we re-check SPF at scale? For most portfolios: daily is sufficient; critical senders or frequently changing ESPs may warrant hourly checks. AutoSPF lets you schedule per-domain cadences and auto-escalates when drift is detected. ### How do we handle IPv6 and dual-stack senders? Ensure ip6 mechanisms are present when relevant and that a/mx resolve [AAAA records](https://support.dnsimple.com/articles/aaaa-record/). AutoSPF verifies dual-stack parity and flags v6-only or v4-only gaps. ### What counts toward the 10 DNS-lookup limit? include, a, mx, ptr, exists, and redirect (plus any **nested resolutions they trigger**). ip4/ip6 mechanisms do not count. AutoSPF maintains a live counter and halts safely with a detailed permerror report if you exceed 10. ## Conclusion: run SPF lookups at scale with confidence using AutoSPF To run [SPF lookups](/blog/what-is-an-spf-lookup-and-why-it-matters/) for multiple domains at scale, combine an async, rate-limited resolver pool with a standards-compliant parser that tracks the 10-lookup budget, add robust TTL-aware caching and negative caching, and wrap it in a monitored batch/stream pipeline with retries, circuit breakers, and actionable remediation. AutoSPF delivers this end-to-end: an RFC-accurate parser, distributed async resolution with EDNS, shared caches, rich telemetry and SLOs, automated fix suggestions (flattening, consolidation, delegation, syntax), and CI/CD integrations for scheduled and on-demand audits across multi-tenant domain fleets. With AutoSPF, you get correctness, performance, and operational safety - without building and maintaining all the plumbing yourself. ## Topics [ DMARC ](/tags/dmarc/)[ SPF ](/tags/spf/) ![Brad Slavin](https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead for AutoSPF's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Ready to get started? Try AutoSPF free — no credit card required. [ Book a Demo ](/book-a-demo/) ## Related Articles [ Advanced 6m 8 cybersecurity trends that will redefine the digital landscape in 2024 Sep 20, 2024 ](/blog/8-cybersecurity-trends-that-will-redefine-the-digital-landscape-in-2024/)[ Advanced 11m Advanced SPF Flattening Implementation for Reliable Email Authentication Feb 19, 2026 ](/blog/advanced-spf-flattening-implementation-for-reliable-email-authentication/)[ Advanced 13m Advanced SPF Record Testing: Protect Your Domain from Permerror Issues Mar 3, 2026 ](/blog/advanced-spf-record-testing-protect-your-domain-from-permerror-issues/)[ Advanced 12m Advanced SPF Validation Tips To Eliminate Permerror And Lookup Issues May 4, 2026 ](/blog/advanced-spf-validation-tips-to-eliminate-permerror-and-lookup-issues/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"How can I run an SPF lookup for multiple domains at scale?","description":"Use an asynchronous, rate-limited DNS worker pool that tracks SPF’s 10-lookup budget, parses mechanisms (include, redirect, a, mx, ptr.","url":"https://autospf.com/blog/how-to-run-spf-lookup-for-multiple-domains-at-scale/","datePublished":"2026-04-14T17:03:50.000Z","dateModified":"2026-04-18T02:36:41.000Z","dateCreated":"2026-04-14T17:03:50.000Z","author":{"@type":"Person","@id":"https://autospf.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://autospf.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind AutoSPF, DMARC Report, Phish Protection, and Mailhop. He founded DuoCircle in 2014 to solve the SPF 10-DNS-lookup problem at scale and has led the company's growth to 2,000+ customers. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement) rather than hands-on DNS engineering.","image":"https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://autospf.com/blog/how-to-run-spf-lookup-for-multiple-domains-at-scale/"},"articleSection":"advanced","keywords":"DMARC, SPF","wordCount":2285,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/autospf/images/2026/04/spf-record-office-365-5991.jpg","caption":"SPF lookup for multiple domains","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What’s the difference between SPF in TXT vs. SPF RR type?","acceptedAnswer":{"@type":"Answer","text":"Use TXT records; the SPF RR type is deprecated and can cause inconsistent results. AutoSPF warns if an SPF RR type is present and ignores it by default."}},{"@type":"Question","name":"Should we flatten all SPF includes?","acceptedAnswer":{"@type":"Answer","text":"No. Flatten only stable vendors with infrequent IP changes and reasonable TTLs; otherwise you risk stale IPs and delivery issues. AutoSPF scores includes for “flattenability” and proposes targeted changes with rollback plans."}},{"@type":"Question","name":"How often should we re-check SPF at scale?","acceptedAnswer":{"@type":"Answer","text":"For most portfolios: daily is sufficient; critical senders or frequently changing ESPs may warrant hourly checks. AutoSPF lets you schedule per-domain cadences and auto-escalates when drift is detected."}},{"@type":"Question","name":"How do we handle IPv6 and dual-stack senders?","acceptedAnswer":{"@type":"Answer","text":"Ensure ip6 mechanisms are present when relevant and that a/mx resolve [AAAA records](https://support.dnsimple.com/articles/aaaa-record/). AutoSPF verifies dual-stack parity and flags v6-only or v4-only gaps."}},{"@type":"Question","name":"What counts toward the 10 DNS-lookup limit?","acceptedAnswer":{"@type":"Answer","text":"include, a, mx, ptr, exists, and redirect (plus any **nested resolutions they trigger**). ip4/ip6 mechanisms do not count. AutoSPF maintains a live counter and halts safely with a detailed permerror report if you exceed 10."}}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://autospf.com/blog/"},{"@type":"ListItem","position":3,"name":"Advanced","item":"https://autospf.com/advanced/"},{"@type":"ListItem","position":4,"name":"How can I run an SPF lookup for multiple domains at scale?","item":"https://autospf.com/blog/how-to-run-spf-lookup-for-multiple-domains-at-scale/"}]} ```