Can you have multiple SPF records for a domain? No, you can’t; otherwise, recipient servers will decline all the existing SPF records for that domain. This will disrupt the email authentication process, causing even genuine emails to land in the spam folder. However, if you need to include multiple SPF records for your domain, you need to merge them into one. Let’s see how it’s done.
How to Merge Multiple SPF Records into One?
You must include all the mechanisms and values in a single record if you’ve multiple SPF records for your domain. We’re considering the following SPF record examples to explain what you can do if multiple SPF records are found for your domain.
Let’s assume this is your SPF record-
v=spf1 a mx include:_spf.sampleemail.com ~all
And you want to add another SPF record-
v=spf1 include:emailexample.com ~all
Start merging these SPF values by including all the parts into one record and not repeating any mechanisms. This is how you can do it-
- Include only one ‘a’ mechanism at the beginning of your SPF record to eliminate multiple SPF records.
- If one or both the records have an ‘mx’ mechanism, include it only once.
- The ‘include’ mechanism indicates the mail servers from both records.
- An SPF record should always end with “?all”, “-all”, or “~all”. Make sure you don’t use multiple SPF Qualifiers; otherwise, your SPF record will be invalid or erroneous.
In the above example, the merged SPF record will be-
v=spf1 a mx include:_spf.sampleemail.com include:emailexample.com ~all
Special Note
A few receiving servers are unable to pass SPF records if the ‘include’ mechanism has a ‘+’ Qualifier before it. This is because the default parameter is a pass, and the ‘+’ qualifier also indicates the same, causing redundancy, further leading to an error.
The Problem of Merging Multiple SPF Records
Merging multiple SPF records found for your domain leads to the ‘too many DNS lookups’ or Permerror error, which causes domain authentication failure.
What is the DNS Lookup Limit?
To avoid the overconsumption of the DNS validator’s resources, a limit of a maximum of 10 SPF DNS lookups is imposed. Once you reach the limit, messages fail inspection, and your domain’s email deliverability rate drops. The following SPF mechanisms are counted against this lookup limit-
- include
- a
- mx
- ptr
- exists
- redirect
How to Overcome the Issue of DNS Lookup Limit or Permerror Error?
You can stay within the 10 DNS lookup limit by excluding all the unwanted and repeated mechanisms. If you’re still unable to stay within the limit, AutoSPF’s automatic SPF flattening service can help you. You can add new domains and networks while also authenticating new senders at the click of a button.
We work by replacing domains with their corresponding IP addresses, eliminating the need for DNS lookups. Moreover, we constantly monitor your record to ensure it has no syntactical or configurational errors. So, please feel free to reach out to us for any help!