Disclosure: I worked on spfwalk and am the author of spf_fetch.
Adding recursive spf-record fetching to opensmtpd’s smtpctl(8) utility makes whitelisting senders like Google (who often retry from large pools of addresses) much more reliable, resulting in more timely delivery of email.
It’s a welcome addition to an already excellent mail server.
I’m adding spfwalk to spf_fetch as a tool, and support for spfwalk and the smtpctl version to spf_fetch. The scripts in spf_fetch, along with a bit of config and cron(8), handle the work of updating pf(4) records.