Email Not Sending? Multiple SPF
Records Might Be The Culprit


If you experience an unexpected halt in your email transmissions or find that your messages are consistently directed to spam folders, the root cause may lie within your DNS configurations. A prevalent issue could be the existence of multiple SPF (Sender Policy Framework) records associated with your domain.

While SPF is a powerful mechanism for preventing email spoofing and enhancing deliverability, having more than one SPF record can disrupt authentication processes, resulting in message rejections or categorization as spam.

This article will clarify the concept of SPF, outline the significant pitfalls of maintaining multiple SPF records, and provide guidance on how to identify and rectify these issues to restore proper email functionality and ensure adherence to email authentication standards. For additional details, visit here.



multiple-spf-records



What Is an SPF Record? A Quick Refresher


The Sender Policy Framework (SPF) is an email authentication method that utilizes DNS to inform receiving mail servers about the IP addresses or servers that have permission to send emails on behalf of your domain.

An SPF record is a TXT record in your DNS settings that looks something like this:

v=spf1 include:_spf.google.com include:sendgrid.net ~all

This tells recipient servers:

  • The domain uses SPF (v=spf1)

  • It authorizes Google and SendGrid to send emails

  • Emails not matching the policy should be soft-failed (~all)

When configured correctly, SPF helps:

  • Prevent domain spoofing

  • Improve email deliverability

  • Ensure compliance with DMARC and DKIM

Why Multiple SPF Records Break Everything


The SPF specification, as defined in RFC 7208, allows for only one SPF record per domain.

What happens with multiple SPF records:

  • SPF lookup fails with a "PermError" (permanent error)

  • Email fails authentication checks

  • Receiving servers treat your email as suspicious

  • Your emails may get rejected, bounced, or marked as spam

Example of a Broken Configuration:

TXT Record 1: "v=spf1 include:_spf.google.com ~all"

TXT Record 2: "v=spf1 include:mailgun.org ~all"

While each record is individually valid, the presence of two v=spf1 entries creates a conflict that invalidates the SPF policy.

Result: Most recipient servers will fail SPF validation and reject or quarantine your email.


How to Check for Multiple SPF Records


Use one of the following tools to diagnose your SPF record:

  • MXToolbox SPF Lookup

  • Google Admin Toolbox CheckMX

  • Kitterman SPF Validator

  • EasyDMARC SPF Record Checker

What to look for:

  • Multiple "v=spf1" TXT records

  • SPF PermError or "Too many DNS lookups" (more than 10)

How to Fix Multiple SPF Records the Right Way


It is essential to combine all authorized sending sources into a single, all-encompassing SPF record. Instead of keeping several separate records, merge them into one cohesive entry.

Correct Configuration Example:

v=spf1 include:_spf.google.com include:sendgrid.net include:mailgun.org ~all

Tips for Editing Your SPF Record:

  • Start with v=spf1

  • Use include: for each third-party sender

  • Avoid exceeding the 10 DNS lookup limit

  • End with ~all (soft fail) or -all (hard fail)

Should you have any uncertainty regarding which services are authorized to send emails on your behalf — such as marketing platforms, customer relationship management systems, or helpdesk applications — it is advisable to seek guidance from your IT administrator or DNS service provider.



multiple-spf-records-1



How to Combine SPF Records (Step-by-Step)


  • Step 1: Identify All Sending Services:

    • Gmail or Google Workspace

    • Microsoft 365

    • Mailchimp, Constant Contact

    • SendGrid, Mailgun, Amazon SES

    • CRMs like HubSpot or Salesforce
  • Step 2: Use "include" for Third-Party Domains: Each service provides an "include" domain. Example:

    • Google: _spf.google.com

    • SendGrid: include:sendgrid.net

    • Mailgun: include:mailgun.org
  • Step 3: Create One Unified SPF Record: Combine all services like so:

  • v=spf1 include:_spf.google.com include:sendgrid.net include:mailgun.org ~all

  • Step 4: Remove All Old SPF Records: Delete any other TXT records starting with v=spf1 from your DNS panel.

  • Step 5: Test the New SPF Record: Use MXToolbox or Kitterman to validate the new record.

A basic error, such as having several SPF records, can significantly interfere with your email delivery, compromise authentication, and harm your sender reputation. The solution is straightforward: ensure you have a single, well-structured, validated, and regularly maintained SPF record.

Avoid the risk of essential emails being undelivered or losing contact with clients. Review your SPF configuration now to confirm that your domain complies with contemporary email security standards.