Multiple SPF records on a domain?
October 11, 2023 | < 1 min read
Can more than one SPF record be present on the same domain? The answer is no; if a domain contains more than one SPF record, SPF will fail with a PermError.
A TXT record in the DNS known as an SPF record is one that begins precisely with “v=spf1” and is followed by a variety of mechanisms and/or modifiers.
A domain’s TXT records with the identical first character “v=spf1” are fetched to start an SPF check:
- It returns “none” if no such record is found
- If more than one such record is discovered, it returns PermError.
For instance, if yourdomain.com has two TXT records:
| Record Type | Name | Value | TTL |
|---|---|---|---|
| TXT | yourdomain.com | v=spf1 include:_spf.google.com -all | Default |
| TXT | yourdomain.com | v=spf1 include:servers.mcsv.net -all | Default |
All emails sent on yourdomain.com’s behalf will include PermError SPF authentication failures.
You must include all the mechanisms that have legitimate IP addresses in a single SPF record in order to fix the issue, as demonstrated below:
| Record Type | Name | Value | TTL |
|---|---|---|---|
| TXT | yourdomain.com | v=spf1 include:_spf.google.com include:servers.mcsv.net -all | Default |
All of these prerequisites must be satisfied for SPF authentication to succeed:
- Your domain has exactly one SPF record
- which has the proper syntax
- a maximum of 10 DNS lookups
Conclusion
Skysnag automates SPF for you preventing multiple SPF records from being generated. This saves you the trouble and time required for manual configuration. Avoid PermError SPF authentication failures right away and use Skysnag’s automated software to safeguard your domain’s reputation from compromised business emails, password theft, and potentially significant financial losses. Sign up using this link and monitor your email flow with Skysnag.
