
What SPF drift is and how the daily auto-check protects you

SPF drift is when the IPs behind your SPF record change after you've flattened or fixed them. Learn what causes it and how Blankitt's automatic daily re-check catches it.

Last updated 14 June 2026

SPF drift is when the real-world IP addresses authorised by your SPF record no longer match what your record actually says. It is one of the quieter ways email authentication breaks — there is no error in your DNS, yet legitimate mail can start failing SPF.

What causes SPF drift

SPF authorises senders in two ways:

  • Dynamically, via mechanisms like include: that resolve to a provider's current IP ranges at evaluation time, and
  • Statically, via literal ip4:/ip6: mechanisms you have written into the record yourself.

Drift happens when reality moves away from your record:

  • You flattened your SPF record (replaced include: with fixed IP ranges to stay under the 10-lookup limit) and a provider later changed their ranges. Your hard-coded list is now out of date.
  • A vendor expanded, retired or renumbered their sending infrastructure.
  • An internal mail server moved to a new IP that was never added.

The result: mail from the now-unlisted IPs fails SPF. If those messages also lack aligned DKIM, they fail DMARC — and under p=quarantine or p=reject they get junked or blocked.

Why flattening makes drift more likely

Flattening trades freshness for fewer lookups. An include: always reflects the provider's current IPs; a flattened ip4: list reflects the IPs as they were on the day you flattened. The convenience of staying under the lookup limit is exactly what creates the risk of going stale.
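The staleness described above can be measured by expanding the original include: tree and the flattened record to IP networks and comparing coverage. The following is an added example, not Blankitt's code: the hostnames, records and the `lookup` callable are constructed for illustration (a real check would query DNS TXT records), and it handles only the ip4:, ip6: and include: mechanisms.

```python
import ipaddress

# Constructed TXT data standing in for live DNS (documentation IP ranges only).
LIVE_TXT = {
    "_spf.mailer.example": "v=spf1 ip4:192.0.2.0/25 ip4:203.0.113.0/24 "
                           "include:_spf2.mailer.example ~all",
    "_spf2.mailer.example": "v=spf1 ip6:2001:db8:1::/48 -all",
}
# Record as it was before flattening, and the flattened record published today.
ORIGINAL = "v=spf1 include:_spf.mailer.example ip4:198.51.100.7 -all"
FLATTENED = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 ip6:2001:db8:1::/48 -all"


def authorised_networks(record, lookup, _depth=0):
    """Return the ip4/ip6 networks a record authorises, following include:."""
    if _depth > 10:
        raise ValueError("include chain too deep (possible loop)")
    nets = set()
    for term in record.split()[1:]:          # skip the v=spf1 version tag
        name, _, value = term.lstrip("+").partition(":")
        if name in ("ip4", "ip6"):
            nets.add(ipaddress.ip_network(value, strict=False))
        elif name == "include":
            nets |= authorised_networks(lookup(value), lookup, _depth + 1)
    return nets


def covered(net, pool):
    """True if net lies entirely inside some network of the same family in pool."""
    return any(net.version == p.version and net.subnet_of(p) for p in pool)


def spf_drift(original, flattened, lookup):
    """Compare what the include tree resolves to now with the flattened list."""
    live = authorised_networks(original, lookup)
    flat = authorised_networks(flattened, lookup)
    return {
        # Live sender ranges the flattened record no longer authorises.
        "missing": sorted(str(n) for n in live if not covered(n, flat)),
        # Flattened ranges that are not fully inside any live range.
        "stale": sorted(str(n) for n in flat if not covered(n, live)),
    }


if __name__ == "__main__":
    print(spf_drift(ORIGINAL, FLATTENED, LIVE_TXT.__getitem__))
```

Entries under "missing" are the ones that cause legitimate mail to fail SPF; entries under "stale" mean the flattened record still authorises address space the provider no longer lists.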

How Blankitt protects you

Blankitt re-checks SPF automatically every day. The daily sweep re-resolves your SPF record, compares it against the live state, and flags SPF drift on the domain detail page when the authorised IPs no longer match. You do not need to trigger anything — it runs on its own.

This means a provider can change their ranges overnight and you will be alerted promptly, rather than discovering the problem from bounced mail or a customer complaint weeks later.

Where you'll see it

  • Domain detail page — the SPF flattening panel shows the current include tree and flattened record, with SPF drift detection highlighting any mismatch.
  • Compliance Scorecard / Grade — unresolved drift can pull down your domain's score, prompting action.

What to do when drift is flagged

  1. Open the domain detail page and review the SPF drift indicator.
  2. Re-generate the flattened record from the current include tree.
  3. Publish the refreshed SPF record at your DNS provider.
  4. Confirm affected senders pass again on the Offenders page after the next reports arrive.

Key takeaway

Flattened SPF is not "set and forget". Drift is normal and expected over time — the daily auto-check exists so that keeping your record accurate is a quick, prompted task rather than an outage waiting to happen.
