Can I Have Multiple SPF Records on My Domain?


Can you have multiple SPF records on a single domain? The answer is no: a domain MUST NOT have multiple SPF records, otherwise SPF fails with PermError.

An SPF record is a TXT record in the DNS that starts exactly with "v=spf1", followed by a list of mechanisms and/or modifiers.

An SPF check starts by fetching all TXT records starting exactly with "v=spf1" on a domain:

  • if no such record is found, it returns None;
  • if multiple such records are found, it returns PermError.

For example, if you have 2 TXT records on yourdomain.com:

| Record Type | Name | Value | TTL |
|---|---|---|---|
| TXT | yourdomain.com | v=spf1 include:_spf.google.com -all | Default |
| TXT | yourdomain.com | v=spf1 include:servers.mcsv.net -all | Default |

All emails sent on behalf of yourdomain.com will fail SPF authentication with PermError.

To fix this, combine all the mechanisms that cover your legitimate sending IP addresses into a single SPF record, as shown below:

| Record Type | Name | Value | TTL |
|---|---|---|---|
| TXT | yourdomain.com | v=spf1 include:_spf.google.com include:servers.mcsv.net -all | Default |
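The record-selection step and the fix described above, as an added Python example (not DMARCLY's code). It takes TXT values as plain strings instead of querying DNS; the function names and the sample verification record are assumptions, and the merge helper assumes the records contain only mechanisms (no redirect= modifier).

```python
# Constructed sample: the TXT values from the example above, plus an
# unrelated (made-up) verification record that is not an SPF record.
SAMPLE_TXT = [
    "v=spf1 include:_spf.google.com -all",
    "v=spf1 include:servers.mcsv.net -all",
    "google-site-verification=constructed-placeholder",
]


def select_spf_record(txt_records):
    """Return ("None", None), ("PermError", None) or ("ok", record)."""
    spf = []
    for txt in txt_records:
        version = txt.split(" ", 1)[0]
        # The version section must be exactly "v=spf1", ended by a space or
        # the end of the record, so "v=spf10 ..." is not an SPF record.
        if version.lower() == "v=spf1":
            spf.append(txt)
    if not spf:
        return ("None", None)
    if len(spf) > 1:
        return ("PermError", None)   # multiple SPF records on one domain
    return ("ok", spf[0])


def merge_spf_records(records):
    """Merge several SPF records into one; their 'all' terms must agree."""
    terms, all_terms = [], set()
    for record in records:
        for term in record.split()[1:]:        # skip the "v=spf1" version
            if term.lstrip("+-~?").lower() == "all":
                all_terms.add(term.lower())
            elif term not in terms:            # drop exact duplicates
                terms.append(term)
    if len(all_terms) > 1:
        # Choosing between e.g. "-all" and "~all" is a policy decision.
        raise ValueError(f"conflicting 'all' terms: {sorted(all_terms)}")
    return " ".join(["v=spf1", *terms, *all_terms])


if __name__ == "__main__":
    print(select_spf_record(SAMPLE_TXT))
    print(merge_spf_records(SAMPLE_TXT[:2]))
```

After merging, check that the combined record stays within SPF's limit of 10 DNS-querying terms, since every include: counts toward it.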

For SPF authentication to pass, all these conditions must be met:

Monitoring SPF records

Since the validity of your SPF settings is crucial to SPF authentication success, you might want to receive alerts when an SPF setting is misconfigured, so that you can fix it as soon as possible.

DMARCLY's domain monitoring feature allows you to do exactly that. In order to monitor your domain:

  1. log in to the dashboard;
  2. go to DNS Records => Domains, add your domain;
  3. go to Reporting and Alerts => DNS Alerts, create a recipient with your email.

From now on, if multiple SPF records are found on your domain, you will get an email notification. Nice!
