A sender policy framework (SPF) record is a form of DNS TXT record that specifies which servers are permitted to send emails from a certain domain. As a big business, you’ll surely need to rely on a few services.
But, can you add multiple SPF values to the DNS?
The answer is No, you can’t add multiple SPF values, as the DNS zone of any domain allows only one SPF record. Hosting providers usually don’t allow more than one SPF record as it causes authentication problems. As an alternative, you can merge multiple SPF records.
In this blog, we’ll explain the easiest way of merging SPF records and discuss the necessary mechanism related to that.
Mechanisms of SPF record that you should know
Say you use Google Outlook for delivering emails, and you’ve authenticated Outlook for sending emails from your domain. Your SPF record will look something like this:
v=spf1 a include:spf.protection.outlook.com ~all
Now, if you’re going to use another service for sending emails, you’ll have to create an SPF record for that as well. We’ll take Mailersend for instance. The record will look something like
v=spf1 a mx include:_spf.mailersend.net ~all
Before we start with how you can merge these two records, you should know what different parts of an SPF record represent.
The “v” prefix
In the first section of an SPF record, the value v=spf1 indicates that the record is for the initial release of SPF. At the present time, this is the only available variant. Because of the flexibility of TXT records, multiple records can be added, making the DNS of any domain think that the record is an SPF record.
The “a” mechanism
Both of these records also have the “a” mechanism in their respective SPF records. Which essentially reveals the IP address of a specific domain. A record of the form domain must match the IP address of sending side to authenticate an email.
The ‘mx’ mechanism
This mechanism is not necessarily important for all types of SPF records. But when it’s used in any, it usually indicates the email servers that are used to send emails. In order to authenticate emails, the MX record must match the sending IP.
The “include” mechanism
This mechanism starts from the middle section of an SPF record. As the name states, this mechanism does the job of including a specific domain in the SPF setup. As a result, the IP addresses that are allowed in this include mechanism get authenticated and send emails.
The “all” mechanism
All mechanisms are found in the last part of the SPF records. There are quite a few ways of using all mechanisms, and it varies depending on what functions are used before it. The “All” mechanism is the determiner of whether an SPF record is valid or not. Here are the common qualifiers of all mechanisms:
- +all – is used as the default prefix, so it can not be omitted
- ?all – this qualifier makes an SPF record act as if it is not one, so it’s better not to use this
- -all – will reject and won’t send an email if it fails to comply with the set of rules
- ~all – will send an email even if it fails to comply with the given rules but will add a tag named SOFTFAIL
How to merge multiple SPF records (in 4 simple steps)
Now that you know about the mechanisms of an SPF record, it will be easier for you to understand the procedure of merging multiple SPF records. Let’s dive into that:
Determine authorized IP addresses and domain names
To create an SPF record that accurately reflects all of the sources that are authorized to send emails on behalf of your domain, you will need to gather a list of all of the IP addresses and domain names that should be included. This information should be provided by your email service provider or an administrator.
Create a new SPF record
Once you have a complete list of the authorized IP addresses and domain names, you can use this information to create a new SPF record that includes all of these sources. You can do this by using the “include” mechanism to reference the SPF records of the other domains.
For example, if you have an SPF record for domain A that includes the IP addresses 220.127.116.11 and 18.104.22.168, and an SPF record for domain B that includes the IP addresses 22.214.171.124 and 126.96.36.199, your new merged SPF record might look like this:
v=spf1 include:domainA.com include:domainB.com -all
And if we take the SPF records that we have shown earlier and merge those, the new record will look something like this:
v=spf1 a mx include:_spf.mlsend.com include:spf.protection.outlook.com -all
Update your DNS
Once you have created the new merged SPF record, you will need to update your DNS to reflect this change. This typically involves logging into your DNS provider’s control panel and adding the record to your DNS records.
Test the new SPF record
It is important to test the new SPF record to ensure that it is working correctly. You can use an online SPF checker tool to verify that your SPF record is being recognized and that emails from your domain are being delivered.
Email authentication is a very important factor in ensuring better email deliverability for any business. Knowing how to merge multiple SPF records will ensure the deliverability of your emails, even if they are sent from multiple domains.
Hopefully, you found our blog helpful, and don’t forget to comment if you have any further questions.