How to Manage and Merge Multiple SPF Records

Multiple SPF Records

Estimated reading time: 4 minutes

If you’re responsible for managing email domains, you’ve likely come across the need to work with SPF records. Email authentication can cause a lot of stress, especially when dealing with multiple services that send emails on your domain’s behalf. One question pops up time and again: can you have multiple SPF records for one domain? The short answer: no, and here’s why.

Why Can’t You Have Multiple SPF Records?

Email servers expect only one SPF record per domain. If you try to add two or more SPF records, email services get confused because DNS servers can’t handle multiple SPF entries. This confusion can cause emails to be rejected or marked as spam.

Example problem:

  1. You create one SPF record for Gmail (v=spf1 include:gmail.com -all).
  2. You also create another SPF record for another service like Mailchimp (v=spf1 include:mailchimp.com -all).

When DNS servers read these two records, they can’t merge them automatically. Result? Emails might not be verified correctly.SPF records are made to protect your domain from spoofing by specifying which mail servers are authorized to send emails on your behalf. According to DNS standards, a domain can only have one SPF record. If you try to add multiple SPF records, you’ll likely face issues with email deliverability and authentication failures. This is because DNS servers only read one SPF record per domain. Any additional SPF records may be ignored or cause conflicts. Use tools like GlockApps to regularly test your email deliverability and avoid any concerns.

Test Your Deliverability

So, what’s the solution if you have multiple email services requiring SPF entries? You’ll need to merge those records into a single, well-structured SPF entry.

How to Combine Multiple SPF Records

Let’s say you have two different services with SPF records like these:

  1. v=spf1 include:service1.com -all
  2. v=spf1 include:service2.com -all

If you try to add both to your DNS, you’re bound for trouble. Instead, you need to consolidate them into one SPF record:

v=spf1 include:service1.com include:service2.com -all

This single SPF record includes both services and doesn’t violate DNS standards. 

  • Note: What are “includes” in SPF records?

The include part of an SPF record references another service’s SPF rules. For example, include:gmail.com means your domain trusts Gmail’s email servers

Best Practices for Merging SPF Records

1. Limit the Number of DNS Lookups.

SPF records are subject to a limit of 10 DNS lookups. Each include mechanism triggers a DNS query, so if your combined SPF record has too many include statements, it may exceed this limit. Exceeding the limit causes SPF checks to fail, leading to email rejections.

To overcome this, optimize your SPF record by:

  • Removing unnecessary mechanisms.
  • Using subdomains for services with extensive SPF requirements.
  • Utilizing services that offer flattened SPF records, which reduce the number of lookups.

2. Avoid Redundancy.

It’s easy to accidentally add multiple includes for the same service. For example, if both service1 and service2 rely on spf.provider.com, your SPF record might look like this:

v=spf1 include:spf.provider.com include:spf.provider.com -all

This redundancy increases DNS lookups unnecessarily. Keep your SPF record clean by consolidating duplicate entries.

3. Test Your SPF Record.

After merging multiple SPF records, it’s important to test the new configuration. 

Common SPF Issues

Even with a well-structured SPF record, you can face issues. Common problems may include:

  • Typos or syntax errors: Double-check for errors in your SPF record.
  • Conflicting DNS settings: Check if there are no conflicting TXT records.
  • Misconfigured email services: Verify that each service is correctly authorized by your SPF record.

Conclusion

While you can’t have multiple SPF records for a domain, merging them into a single record with multiple includes is a great way to maintain strong email security.  Remember, SPF is just one part of a comprehensive email authentication strategy. Pair it with DKIM and DMARC for maximum protection against phishing and fraud. Implement GlockApps to check your email deliverability with the most advanced tools.

Get 2 Deliverability Tests

FAQ

Can you have multiple SPF records for one domain?

No, having more than one SPF record will cause conflicts and email verification failures.

How do I combine multiple SPF records?

You need to merge them into a single record.

Can I use subdomains to manage SPF records?

Yes! You can offload SPF entries to subdomains. This will help better manage large or complex SPF records.

What is an “include” in SPF records?

An “include” references another service’s SPF rules. For example, “include:gmail.com” tells mail servers that Gmail’s servers are authorized to send emails to your domain.

Related Posts

email domain reputation

Sending an email may look simple: write the text, add a catchy subject line, choose your recipients, click “Send”, and Read more

How the New Email Uptime Monitoring Helps with Multiple SPF Records

SPF stands for Sender Policy Framework, and it is an email authentication protocol. The purpose of SPF is to check Read more

email domain check list

The reputation of the email domain you use to send email campaigns makes it all - it determines whether your Read more

Email is an essential tool in today's digital world, used for both personal and business communications. It’s fast, cost effective, Read more

AUTHOR BIO

Tanya Tarasenko

Junior Content Writer at GlockApps