Can you have multiple SPF records on a single domain? The answer is no: a domain MUST NOT have multiple SPF records, otherwise SPF fails with PermError.

An SPF record is a TXT record in the DNS starting exactly with "v=spf1", followed by an array of mechanisms and/or modifiers…

We will go over how SPF works with subdomains in this article.

As discussed in the How DMARC Works With Subdomains post, not all subdomains need to publish a DMARC record, if the organizational domain already has one…

This post provides step-by-step instructions on how to add an SPF record in Bluehost.

An SPF record is a TXT record published in the DNS on your domain, starting with v=spf1. It's used to perform SPF checks on the receiving email server…

This post provides step-by-step instructions on how to add an SPF record in CloudFlare.

An SPF record is a TXT record published in the DNS on your domain, starting with v=spf1. It's used to perform SPF checks on the receiving email server…

This post provides step-by-step instructions on how to add an SPF record in GoDaddy.

An SPF record is a TXT record published in the DNS on your domain, starting with v=spf1. It's used to perform SPF checks on the receiving email server…

This post provides step-by-step instructions on how to add an SPF record in Namecheap.

An SPF record is a TXT record published in the DNS on your domain, starting with v=spf1. It's used to perform SPF checks on the receiving email server…

When troubleshooting email delivery issues, you might run into some cryptic SPF error on the receiving email server along the lines of:

SPF PermError: too many DNS lookups

SPF Permanent Error: too many DNS lookups

SPF Fail: too many DNS lookups

These messages indicate that the SPF record on…

When analyzing email headers for unauthenticated emails in mailbox service providers like Gmail, you can run into error messages that look like below from time to time:

This article aims to provide a complete guide to implementing SPF, DKIM, and DMARC for your organization, and suggest the best practices for doing so. It is written in hopes that this will clear up confusion about what steps to take to achieve an effective DMARC deployment to secure business email a…

It's critically important for any company using Office 365 Exchange Server for email to implement DMARC, DKIM, and SPF to prevent or stop email spoofing and phishing as well as improve email deliverability.

Office 365 has become the de facto standard for productivity software…

Sender Policy Framework (SPF) plays an important role in modern-day email authentication, along with DMARC and DKIM. It helps prevent emails from unauthorized senders from landing in the inbox.

We are going to present a comprehensive guide to SPF in this article…

When you first set up Amazon SES to send emails, you may find there is a "Via amazonses.com" warning for the email in the recipient's mailbox.

This warning means you haven't authorized Amazon SES to deliver emails for you, so the mailbox provider considers that sent from Amazon SES instead of your…

Follow the steps below to set up SPF and DKIM for Mailchimp, so that your marketing emails are more likely to reach the inbox. This is a process also known as email domain authentication.

How to set up SPF and DKIM for Mailchimp:

Verify your domain

Mailchimp requires you to verify that you o…

When you first set up Mailgun to send emails, you may find there is a "via mailgun.org", "via mailgun.us", or "via mailgun.info" warning for the email in the recipient's mailbox.

This warning means you haven't authorized Mailgun to deliver emails for you, so the mailbox provider considers that sen…

When you first set up Mandrillapp (AKA Mailchimp Transactional Email) to send transactional emails, you may find there is a "via mandrillapp.com" warning for the email in the recipient's mailbox.

This warning means you haven't authorized Mandrill to deliver emails for you, so the mailbox provider…

When you first set up SendGrid to send emails, you may find there is a "Via SendGrid" warning for the email in the recipient's mailbox.

This warning means you haven't authorized SendGrid to deliver emails for you, so the mailbox provider considers that sent from SendGrid instead of your brand…

When you first set up Zendesk to send emails, you may find there is a "Via Zendesk" warning for the email in the recipient's mailbox.

This warning means you haven't authorized Zendesk to deliver emails for you, so the mailbox provider considers that sent from Zendesk instead of your brand…

Sender Policy Framework (SPF) is an email authentication mechanism which allows only authorized senders to send on behalf of a domain, and prevents unauthorized users from doing so. SPF allows the receiver to check that an email claiming to come from a specific domain indeed comes from…

While Safe SPF overcomes the 10-DNS-lookup limit in SPF, sometimes it's desirable to flatten only a part of your SPF record, while leaving the rest as is. If this is the case, you can use partial Safe SPF.

One good reason for this is that some email delivery services like HelpScout, Office 365, At…

Once you've created a Google Workspace, formerly known as G Suite, account on your domain, you will need to set up email authentication so that emails sent from Google Workspace on behalf of your domain are fully authenticated, and keep monitoring the authentication status and take action if necessa…

What is SPF?

Sender Policy Framework (SPF) is an email authentication mechanism which allows only authorized senders to send on behalf of a domain, and prevents unauthorized users from doing so. SPF allows the receiver to check that an email claiming to come from a specific domain indeed comes fro…

"SPF PermError: too many DNS lookups" is a common error seen in many SPF (Sender Policy Framework) implementations. When an often overlooked SPF 10-DNS-lookup limit is exceeded, an SPF PermError, aka SPF permanent error, is returned. SPF PermError's can affect your email deliverability…

People tend to think of setting up email authentication with DMARC, DKIM, and SPF as time-consuming and error-prone because they have to search the Web for various articles and tools to achieve a simple DMARC, DKIM and SPF setup. This can take days for those who aren't proficient in email authentica…

When the SPF record on a domain can't be correctly interpreted, SPF returns a PermError (permanent error). In contrast with an SPF TempError (temporary error), an SPF PermError requires a system administrator to take measures to rectify the issue.

Here is a list of causes of SPF PermError:

An SPF record is a TXT record published in the DNS by the domain owner, which specifies a whitelist of IP addresses allowed to send emails on behalf of the domain. When an email reaches the receiving server, the server will look up the SPF record in the DNS, and perform a check to determine if the e…

When the SPF PermError: Too Many DNS Lookups issue strikes, your email deliverability can take a bad hit due to SPF fail. We will explain how automatic/dynamic SPF record flattening can solve this problem below.

Nowadays, more and more services are necessary to run online operations on a day-to-…

DMARC (Domain-based Message Authentication, Reporting and Conformance) specifies these possible errors (non-pass) in SPF (Sender Policy Framework) authentication: none, neutral, fail (hard fail), softfail (soft fail), temperror (temporary error), and permerror (permanent error)…