Can I Have Multiple SPF Records on My Domain?
Can you have multiple SPF records on a single domain? The answer is no: a domain MUST NOT have multiple SPF records, otherwise SPF fails with PermError.
An SPF record is a TXT record in the DNS starting exactly with "v=spf1", followed by an array of mechanisms and/or modifiers.
An SPF check starts by fetching all TXT records starting exactly with "v=spf1" on a domain:
- if no such record is found, it returns
- if multiple such records are found, it returns
For example, if you have 2 TXT records on yourdomain.com:
|TXT||yourdomain.com||v=spf1 include:_spf.google.com -all||Default|
|TXT||yourdomain.com||v=spf1 include:servers.mcsv.net -all||Default|
All emails sent on behalf of yourdomain.com will fail SPF authentication with PermError.
In order to fix this, you need to add all the mechanisms that contain legitimate IP addresses in 1 SPF record, as shown below:
|TXT||yourdomain.com||v=spf1 include:_spf.google.com include:servers.mcsv.net -all||Default|
For SPF authentication to pass, all these conditions must be met:
- you have exactly 1 SPF record on your domain;
- the record's syntax is correct;
- the total number of DNS lookups can't exceed 10. Otherwise, use Safe SPF to fix it.
Monitoring SPF records
Now that the validity of SPF settings is crucial to SPF authentication success, you might want to receive alerts when an SPF setting is messed up, so that you can take action to fix it as soon as possible.
DMARCLY's domain monitoring feature allows you to do exactly that. In order to monitor your domain:
- log in to the dashboard;
- go to DNS Records => Domains, add your domain;
- go to Reporting and Alerts => DNS Alerts, create a recipient with your email.
From now on, if multiple SPF records are found on your domain, you will get an email notification that looks like below. Nice!
Protect Business Email & Improve Email Deliverability
Get a 14 day trial. No credit card required.Create Account