Multiple SPF records on a domain?

June 22, 2022  |  < 1 min read

Can more than one SPF record be present on the same domain? The answer is no; if a domain contains more than one SPF record, SPF will fail with a PermError.

A TXT record in the DNS known as an SPF record is one that begins precisely with “v=spf1” and is followed by a variety of mechanisms and/or modifiers.

A domain’s TXT records with the identical first character “v=spf1” are fetched to start an SPF check:

  • It returns “none” if no such record is found 
  • If more than one such record is discovered, it returns PermError.

For instance, if yourdomain.com has two TXT records:

Record TypeNameValueTTL
TXTyourdomain.comv=spf1 include:_spf.google.com -allDefault
TXTyourdomain.comv=spf1 include:servers.mcsv.net -allDefault

All emails sent on yourdomain.com’s behalf will include PermError SPF authentication failures.

You must include all the mechanisms that have legitimate IP addresses in a single SPF record in order to fix the issue, as demonstrated below:

Record TypeNameValueTTL
TXTyourdomain.comv=spf1 include:_spf.google.com include:servers.mcsv.net -allDefault

All of these prerequisites must be satisfied for SPF authentication to succeed:

Conclusion

Skysnag automates SPF for you preventing multiple SPF records from being generated. This saves you the trouble and time required for manual configuration. Avoid PermError SPF authentication failures right away and use Skysnag’s automated software to safeguard your domain’s reputation from compromised business emails, password theft, and potentially significant financial losses. Sign up using this link and monitor your email flow with Skysnag