how to merge multiple spf records

How to Merge Multiple SPF Records: The Easiest Way

Sakhawat Showrabh
Sakhawat Showrabh

Author

Reviewed

By Editorial Staff

A sender policy framework (SPF) record is a form of DNS TXT record that specifies which servers are permitted to send emails from a certain domain. As a big business, you’ll surely need to rely on a few services.

But, can you add multiple SPF values to the DNS?

The answer is No, you can’t add multiple SPF values, as the DNS zone of any domain allows only one SPF record. Hosting providers usually don’t allow more than one SPF record as it causes authentication problems. As an alternative, you can merge multiple SPF records.

In this blog, we’ll explain the easiest way of merging SPF records and discuss the necessary mechanism related to that.

Mechanisms of SPF record that you should know

Say you use Google Outlook for delivering emails, and you’ve authenticated Outlook for sending emails from your domain. Your SPF record will look something like this: 

v=spf1 a include:spf.protection.outlook.com ~all

Now, if you’re going to use another service for sending emails, you’ll have to create an SPF record for that as well. We’ll take Mailersend for instance. The record will look something like

v=spf1 a mx include:_spf.mailersend.net ~all

Before we start with how you can merge these two records, you should know what different parts of an SPF record represent. 

The “v” prefix

In the first section of an SPF record, the value v=spf1 indicates that the record is for the initial release of SPF. At the present time, this is the only available variant. Because of the flexibility of TXT records, multiple records can be added, making the DNS of any domain think that the record is an SPF record. 

The “a” mechanism

Both of these records also have the “a” mechanism in their respective SPF records. Which essentially reveals the IP address of a specific domain. A record of the form domain must match the IP address of sending side to authenticate an email.

The ‘mx’ mechanism

This mechanism is not necessarily important for all types of SPF records. But when it’s used in any, it usually indicates the email servers that are used to send emails. In order to authenticate emails, the MX record must match the sending IP. 

The “include” mechanism

This mechanism starts from the middle section of an SPF record. As the name states, this mechanism does the job of including a specific domain in the SPF setup. As a result, the IP addresses that are allowed in this include mechanism get authenticated and send emails.

The “all” mechanism

All mechanisms are found in the last part of the SPF records. There are quite a few ways of using all mechanisms, and it varies depending on what functions are used before it. The “All” mechanism is the determiner of whether an SPF record is valid or not. Here are the common qualifiers of all mechanisms: 

  • +all – is used as the default prefix, so it can not be omitted  
  • ?all – this qualifier makes an SPF record act as if it is not one, so it’s better not to use this 
  • -all – will reject and won’t send an email if it fails to comply with the set of rules 
  • ~all – will send an email even if it fails to comply with the given rules but will add a tag named SOFTFAIL 

How to merge multiple SPF records (in 4 simple steps)

Now that you know about the mechanisms of an SPF record, it will be easier for you to understand the procedure of merging multiple SPF records. Let’s dive into that: 

Determine authorized IP addresses and domain names

To create an SPF record that accurately reflects all of the sources that are authorized to send emails on behalf of your domain, you will need to gather a list of all of the IP addresses and domain names that should be included. This information should be provided by your email service provider or an administrator.

Create a new SPF record

Once you have a complete list of the authorized IP addresses and domain names, you can use this information to create a new SPF record that includes all of these sources. You can do this by using the “include” mechanism to reference the SPF records of the other domains.

For example, if you have an SPF record for domain A that includes the IP addresses 1.2.3.4 and 5.6.7.8, and an SPF record for domain B that includes the IP addresses 9.10.11.12 and 13.14.15.16, your new merged SPF record might look like this: 

v=spf1 include:domainA.com include:domainB.com -all

And if we take the SPF records that we have shown earlier and merge those, the new record will look something like this:

v=spf1 a mx include:_spf.mlsend.com include:spf.protection.outlook.com -all

Update your DNS

Once you have created the new merged SPF record, you will need to update your DNS to reflect this change. This typically involves logging into your DNS provider’s control panel and adding the record to your DNS records.

Test the new SPF record

It is important to test the new SPF record to ensure that it is working correctly. You can use an online SPF checker tool to verify that your SPF record is being recognized and that emails from your domain are being delivered. 

Subscribe to Our Newsletter

Get our blog articles, tutorials, and information delivered to your inbox!

FSMTP Blog Update Feed

Conclusion 

Email authentication is a very important factor in ensuring better email deliverability for any business. Knowing how to merge multiple SPF records will ensure the deliverability of your emails, even if they are sent from multiple domains.

Hopefully, you found our blog helpful, and don’t forget to comment if you have any further questions.

Sakhawat Showrabh

Subscribe To Get

WordPress Guides, Tips, and Tutorials

FSMTP Blog Update Feed

Latest Articles

Comments
  1. Ilene Avatar
    Ilene

    Great info! Glad to find a site with good info on SPF.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *