In this tutorial, we’ll cover how to merge multiple SPF records to improve your email’s deliverability.
Understanding How SPF Records Work
SPF, short for Sender Policy Framework, is a TXT record that validates outgoing email messages from your site to prevent domain spoofing.
Domain spoofing occurs when an attacker sends phishing emails to unsuspecting users. The email often appears to be coming from a legitimate source like your site’s domain.
If you send an email from your site, the recipient’s email server checks your domain against the SPF record. If your domain fails the SPF check, the recipient’s server may mark the email as spam or reject it entirely.
Checking For Multiple SPF Records
The easiest way to check for multiple SPF records is with an online tool like MXToolbox. To use this tool, type your site’s domain into the Domain Name field and click the SPF Record Lookup button.
You’ll see the message that reads: More than one record found if you have multiple SPF records.
Because both SPF records have the prefix v=spf1, the recipient email server won’t know which rule to follow. In most cases, it’ll end up ignoring both of these TXT records.
An easy way to fix this issue is to merge all SPF records as a single TXT record. Here’s how to do it.
Merging Your SPF Records
Before getting started, you’ll need to locate your domain’s DNS settings. These records are often managed by your domain registrar. Be sure to contact your domain host if you’re at all unsure how to locate this option.
For this example, we’ll use Cloudflare to perform the DNS record changes. However, the steps should be similar regardless of your domain host.
Accessing Your Domain’s DNS
To start, log in to your Cloudflare account and go to DNS » Records.
Here, you’ll see a table containing all the DNS records for your domain. Locate the first SPF TXT record, then click Edit to update the record.
Next, copy the existing rule in the Content field to your clipboard. You might want to save it into a text document as we’ll be needing it in the next step.
After copying the rule, click the Delete button to remove the record from your DNS.
Next, you’ll need to edit the remaining one to merge both. To do so, click Edit next to the remaining SPF record.
Combining Multiple Domains
An SPF record typically has 3 sections. Below, we’ve explained what each section does:
- Declaration: Specifying the record type. It usually starts with
v=spf1 - Allowed domains: Specifies the domain to add to the record. Defined using the
includekeyword for each domain - Enforcement rule: Finish the record with one
~allstatement
In an SPF record, the declaration and enforcement rule shouldn’t be updated once created. However, you can modify the Allowed Domains rule with the include keyword to feature any domain you’d like to add to the rule.
For our example, you’ll need to copy the include part of the first record we deleted and add it right next to the include rule of the remaining SPF record.
Once you’ve combined the SPF rules, the combined record should look similar to the one below:
v=spf1 include:mailgun.org include:zoho.eu ~all
When you’re ready, click the Save button to update your SPF record.
Note: If you need to add another SPF rule, simply copy the include part of the new SPF record and add it next to the existing record in your domain’s DNS.
Keep in mind that there are limits for SPF records:
- The record content can have a maximum of 10 domains chained using the
includecommand. - The content should be below 255 characters.
Testing Your Merged SPF Records
After saving your DNS changes, check your domain name again with the MXToolbox tool. You should now see a single SPF record with both domains chained next to each other.
Note: In some cases, DNS changes can take up to 48 hours to propagate. If you’re still getting the multiple SPF record warning, wait and retry after a while.
Frequently Asked Questions
These are answers to some top questions about resolving multiple SPF record issues.
Can You Have More than 1 SPF Record?
No, you can’t have more than 1 SPF record. If you do have two separate SPF TXT record entries, your emails will likely fail SPF authentication and return a PermError.
Is SPF Required for Every Mailer in Easy WP SMTP?
SPF is required for some mailers, including:
In Easy WP SMTP, SPF is not required for:
- Gmail addresses ending with Google’s free extensions like
@gmail.comor@googlemail.com - Microsoft email addresses ending with
@outlook.com - Zoho Mail addresses ending with
@zohomail.com - Any senders set up with SendLayer
Can I send a test email in Easy WP SMTP if I have multiple SPF records?
Sometimes you’ll still receive test emails in Easy WP SMTP even though you have multiple SPF records (or none at all). This might be because:
- The receiving server is automatically handling multiple SPF records behind the scenes.
- Your mailer service doesn’t require SPF records, so it’s already ignoring them.
Does SPF Apply to My Subdomains?
No. Unlike DMARC, SPF doesn’t apply to subdomains. You’ll need to create separate SPF records for subdomains at your domain host.
What Does -all vs ~all Mean?
In an SPF record, -all means that emails from domains not included in your SPF record won’t be delivered. The ~all enforcement rule is a bit flexible and will look for further validation before rejecting the email.
If you need to combine more than one SPF record, you’ll need to use ~all unless your email provider recommends a different approach.
Note: Avoid using the +all rule as it allows anyone on the internet to use your domain to send emails including spam and phishing emails.
What Does SPF PermError Mean?
The PermError typically occurs when an SMTP server fails to verify your domain’s SPF record. It is often caused by incorrect syntax in your SPF record or having multiple SPF records. To fix the PermError, review your syntax and make sure to combine multiple SPF records.
That’s it! Now you know how to merge multiple SPF records to improve your email’s deliverability.