How to merge multiple SPF records

You may have to include multiple SPF values in the DNS zone of your domain if you send emails through several services. 

However, a domain can have only one SPF record in its DNS zone. Having multiple SPF records will make authentication impossible, and some hosting providers won’t even allow you to have more than one.

If you need to include several SPF records in your DNS zone, then you should merge them into a single record by including all the values or mechanisms in the same record. 

The mechanisms of an SPF record

Let’s assume your domain is already authenticated through Outlook, so you have the SPF record set as:

v=spf1 a include:spf.protection.outlook.com ~all

Now, you want to authenticate your domain with MailerSend, so you have to add the second SPF record to your DNS page:

v=spf1 a include:_spf.mailersend.net ~all

Let’s look at the different parts or mechanisms of an SPF record to better understand how it works.

The “v” prefix

The first part of an SPF record is v=spf1, which identifies the record as the first version of SPF. This is the only version that exists at the moment. Since a domain can have several TXT records, this prefix marks which TXT record should be treated as SPF.

The “a” mechanism

Both records also contain the a mechanism, which refers to the IP address in your domain’s A record. The sending IP must match the A record of the From domain to be authenticated.

The “mx” mechanism

Although none of the SPF values include this mechanism, it can be found in others. The mx mechanism indicates which email servers should be used when emails are being relayed. The sending IP must match the MX record of the From domain to be authenticated.

The “include” mechanism

The middle part of an SPF record begins with include, which pulls the SPF setup of that particular domain into the SPF setup of your domain. It allows emails to be authenticated through the same IPs allowed in the included domain.

The “all” mechanism

The all mechanism is the last part of an SPF record and defines how an email should be treated. It should always be at the end of the record, and a record must have it to be a valid SPF record.

This mechanism will include one of the following qualifiers:

  • +all - is the default prefix, so it can be omitted

  • ?all - adding this rule acts as if there’s no SPF, so it’s not recommended

  • -all - if the email doesn’t comply with the set rules, it will be rejected and not sent

  • ~all - if the email doesn’t comply with the set rules, it will be sent but tagged as SOFTFAIL

How to merge multiple SPF records into a single record

To merge the SPF values, simply include all the values into one single record, without repeating any mechanisms. 

This means that if both records have an a, it should be included only once, at the beginning of the merged record. If only one of the records includes an mx, it should also be included in the first part.

However, please note that the last part has to be either ?all, -all or ~all. It’s not possible to have more than one, so it is ultimately your choice which declaration all of your domains will use.

The merged SPF record would look like this:

v=spf1 a include:_spf.mailersend.net include:spf.protection.outlook.com ~all
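
The merge steps above can be scripted. The following is an added example, not MailerSend's own code: merge_spf and its all_qualifier parameter are hypothetical names. It goes slightly beyond the article by refusing +all and by counting the DNS-lookup mechanisms at the top level of the record against the RFC 7208 limit of 10.

```python
import re

# Mechanisms that each cost one DNS lookup; RFC 7208 allows at most 10 per check.
LOOKUP_MECHS = {"a", "mx", "include", "exists", "ptr"}


def merge_spf(records, all_qualifier=None):
    """Merge SPF TXT values; return (merged_record, top_level_lookup_count)."""
    terms, seen, quals = [], set(), set()
    for rec in records:
        parts = rec.split()
        if not parts or parts[0].lower() != "v=spf1":
            raise ValueError(f"not an SPF record: {rec!r}")
        for term in parts[1:]:
            low = term.lower()
            if low.lstrip("+-~?") == "all":
                # A bare "all" means "+all", because + is the default qualifier.
                quals.add(low[0] if low[0] in "+-~?" else "+")
            elif low.startswith(("redirect=", "exp=")):
                raise ValueError(f"modifier needs manual review: {term}")
            else:
                key = low.lstrip("+")  # "+a" and "a" are the same term
                if key not in seen:  # keep each mechanism only once
                    seen.add(key)
                    terms.append(term.lstrip("+"))
    # The page allows ?all, ~all or -all; differing inputs need an explicit choice.
    qual = all_qualifier or (next(iter(quals)) if len(quals) == 1 else None)
    if qual not in ("?", "~", "-"):
        raise ValueError(f"pick ?all, ~all or -all explicitly; inputs had {sorted(quals)}")
    names = [re.split(r"[:/]", t.lower().lstrip("-~?"), maxsplit=1)[0] for t in terms]
    lookups = sum(name in LOOKUP_MECHS for name in names)
    if lookups > 10:  # nested includes add more lookups that are not counted here
        raise ValueError(f"{lookups} lookup mechanisms exceed the limit of 10")
    return "v=spf1 " + " ".join(terms + [qual + "all"]), lookups


if __name__ == "__main__":
    # The two records from the article.
    print(merge_spf([
        "v=spf1 a include:_spf.mailersend.net ~all",
        "v=spf1 a include:spf.protection.outlook.com ~all",
    ]))
```
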
