You’ve probably come across such an option as adding multiple SPF records. If you’ve explored our previous posts, you already know that generating just one SPF record takes some preparation or even specific tools.
So can you have multiple SPF records? Does it help you with your outreach somehow?
No. In fact, it means adding more issues to your domain. Sometimes, beginner users start making several SPF records just because they can. But as you know, “could” doesn’t mean “should.”
Why must there be only one SPF record?
Your SPF record is your domain’s license. By referring to it, receiving servers understand if the incoming mail belongs to the official sender and whether it should be allowed into the inbox.
One SPF record contains information about all domains, subdomains, and apps you use for outreach. Therefore, any authorization check requires only one SPF record. When provided with two SPF records to choose from, the recipient server views it as unhealthy or unstable sender behavior and ultimately denies the entry of your emails.
Where do multiple SPF records come from?
If there is a taboo regarding multiple SPF records for one domain, how does it happen? Why do SPF records keep popping up and messing up your outreach?
Usually, multiple SPF records are the result of an accident or a lack of knowledge about DNS records. For example, you add a new email service provider for your outreach. Your new service provider requires adding an SPF record. Instead of adding the provider to your existing record (let’s say you’re using Zoho), you generate a new record specifically for this provider. So now you have two SPF records:
From that point, you’re guaranteed to experience difficulties with your SPF authentication. Recipient servers aren’t going to play a guessing game. It’s up to you to keep things clear and transparent by staying in control of SPF records.
How to check my SPF record?
Accessing your DNS records has been made easier with modern tools and services. Email service providers like Gmail make sure that you can instantly check your SPF record via a special tool suite. Additionally, there are toolboxes that allow you to check all your records regardless of the service provider you’re using.
How to check your SPF record manually?
You can view your SPF record in your Command prompt by typing “nslookup -type=txt” and entering the name of the domain/host after space. For example, we type “nslookup -type=txt folderly.io”. We receive the list of domain properties, among which you will find the following SPF record.
So, we got our record. How do we read it?
v=spf1 — it demonstrates that it’s the type 1 SPF record.
mx — stands for MX record. This mechanism determines what email servers should be used for sending emails and saves you the effort of adding each email server by hand.
a — this mechanism stands for your A record that points out the IP address used for sending emails.
include — this mechanism exists for going beyond administrative boundaries and preventing cross-user forgery. By adding “include,” you instruct recipient servers to accept the settings of an SPF record that belongs to a domain featured in your record. For example, this record instructs them to include SPF settings for Mandrillapp, Reply.io and Hubspot emails.
~all — this mechanism commands receiving servers to mark emails that fail SPF authentication as suspicious and let them pass. Most records prefer using the “~all” mechanism to prevent complications and make it easier to edit SPF records after adding a new server or new IP address.
What to do if your DNS has multiple SPF records?
Now you know that you can’t have multiple SPF records for your domain. But if you are already facing this issue, how do you make things right?
The go-to option would be to generate a new SPF record that would include all services and domains you use and lay out proper instructions for receiving servers. You can do it either by hand or by using an SPF record generator. For example, Folderly SPF record-maker allows you to instantly generate a record and add all the email apps, domains and subdomains used in your outreach.
Alternatively, you can use MX tools for the same purpose. In general, we recommend using SPF record generators since their algorithm is designed to put all mechanisms in their rightful place, saving you the trouble of editing your SPF record over and over again.
Another way of fixing the multiple SPF records issue is merging your SPF records. Although it sounds like a ton of work, you’ll quickly learn the ropes.
Multiple SPF records can be merged into one with the “include:” mechanism we mentioned above.
- Keep your “v=spf1” modifier. This part must remain intact regardless of the changes you apply to your record.
- Now, you want to add services that are allowed to send an email on your behalf. Let’s say you add both Google and Zoho to the list of domains that are authorized to participate in the outreach. Type “include:”, enter “_spf.google.com”, add a space, type “include:” again, and enter “zoho.com”. Your end result must look the following way:
- Repeat this process with any new service you add to your outreach and wrap it up with the “all” mechanism of your choice.
- Mind the character limits! The tricky part behind making an SPF record is that you have much information to include, but the character limit for SPF records won’t let you go all out. On the one hand, it’s a necessary measure to ensure quick and easy processing. On the other hand, users often wind up editing their SPF record over and over again to make sure it meets the requirements. Therefore, we suggest keeping the character limit in mind all the time you work on fixing your multiple SPF records issues.
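The merge steps above, as an added example that is not part of the original post: it picks the SPF records out of a domain's TXT set, merges them into one record ending in the "all" term of your choice, and checks the result against the 255-character string limit. The sample TXT values and function names are constructed for illustration.

```python
# Added example (not from the original post): spot duplicate SPF records in a
# domain's TXT set and merge them into the single record the domain needs.
SAMPLE_TXT = [  # constructed TXT values for one domain, not real DNS output
    "google-site-verification=constructed-token",
    "v=spf1 include:_spf.google.com ~all",
    "v=spf1 include:zoho.com mx -all",
]
MAX_STRING = 255  # single-string limit quoted in the article

def spf_records(txt_values):
    """Return only the TXT values whose first term is the v=spf1 version tag."""
    return [t for t in txt_values if t.lower().split()[:1] == ["v=spf1"]]

def is_all(term):
    """True for all, +all, -all, ~all and ?all."""
    return term.lower().lstrip("+-~?") == "all"

def merge_spf(records, all_term="~all"):
    """Keep one v=spf1, de-duplicate the other terms in order, end with one all."""
    terms = []
    for record in records:
        for term in record.split()[1:]:  # skip each record's own v=spf1
            if not is_all(term) and term not in terms:
                terms.append(term)
    return " ".join(["v=spf1", *terms, all_term])

def audit(txt_values, all_term="~all"):
    """Summarise the SPF state of one domain's TXT set."""
    found = spf_records(txt_values)
    merged = merge_spf(found, all_term) if found else None
    return {
        "spf_record_count": len(found),
        # RFC 7208: more than one SPF record makes the check end in permerror
        "multiple_records": len(found) > 1,
        "merged": merged,
        "fits_one_string": merged is not None and len(merged) <= MAX_STRING,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_TXT))
```

The existing "all" terms are dropped during the merge on purpose: the two source records disagree (`~all` and `-all`), so the caller decides which one the merged record ends with.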
The standard limit for a single string is 255 characters (spaces included).
Thus, imagine that your SPF record has 252 characters already, but you still need to add more parameters and IP addresses. Going ahead and stretching your string up to 400 characters is clearly not an option.
What should you do? Split your large SPF record into smaller ones.
Now, you may probably find this part confusing. After all, didn’t we explicitly say that you can’t have multiple SPF records for your domain? That’s right; you can’t create several independent SPF records that conflict with each other. But it’s possible to break a large SPF record into several smaller ones as long as you indicate that they’re interconnected.
We know it’s a lot to take in, so let’s start at a slower pace.
How would you split this oversized SPF record for “yourdomain.com”?
v=spf1 a mx a:mail.domain.com a:server5.anotherdomain.com a:server90.anotherdomain.com a:server95.anotherdomain.com mx:server3.anotherdomain.com include:_spf.google.com include:zoho.com include:mailservice.com ip4:192.168.0.1 ip4:192.168.0.2 ~all
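- Create a separate record for your A and MX mechanisms and publish it as a TXT record at spf1.yourdomain.com. Inside an included record, a bare “a” or “mx” is evaluated against the included name (spf1.yourdomain.com) rather than yourdomain.com, so spell the domain out.
v=spf1 a:yourdomain.com mx:yourdomain.com a:mail.domain.com a:server5.anotherdomain.com a:server90.anotherdomain.com a:server95.anotherdomain.com mx:server3.anotherdomain.com ~all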
- Create a separate record for your include mechanisms and publish it as a TXT record at spf2.yourdomain.com.
v=spf1 include:_spf.google.com include:zoho.com include:mailservice.com ~all
- Create a separate record for your IP addresses and publish it as a TXT record at spf3.yourdomain.com.
v=spf1 ip4:192.168.0.1 ip4:192.168.0.2 ~all
- Go back to your initial SPF record and change it to the following:
v=spf1 include:spf1.yourdomain.com include:spf2.yourdomain.com include:spf3.yourdomain.com ~all
As soon as your DNS settings are updated, receiving servers will check your initial record, follow each include, put all the pieces together and greenlight your SPF record.
- Inspect your freshly made SPF record with a proper validator tool! Many things can go wrong when you add and change your record manually, so better safe than sorry. Both MX tools and Folderly checks allow you to keep your SPF records prim and proper without breaking a sweat.
Remember about DNS lookup limits
Another thing that all outreach experts must know is that the number of DNS lookups is also limited. Each mechanism or modifier that has to query DNS generates an individual lookup, and there can be around 10 queries. Once the number of DNS lookups is exhausted, SPF authentication checks will result in failure.
Moreover, you must work on reducing the number of generated lookups because each new lookup slows down the authentication process. Not something you would want if your goal is to optimize and speed up your outreach.
So, you shouldn’t go overboard with your mechanisms and modifiers. Good thing, mechanisms like ip6 and ip4 don’t need DNS queries, so you don’t have to worry about them. CNAME records and hostnames are a completely different story that deserves a separate post.
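Applying the lookup limit to the split example from this post, as an added example that is not part of the original article: the counter below follows include and redirect terms into a constructed zone holding the article's records and compares the unsplit record with its split form. The zone contents, names and the limit constant are assumptions of this example, and third-party includes are not resolved, so real totals are higher.

```python
# Added example (not from the original post): count the DNS lookups an SPF
# record costs, following include/redirect into records we have on hand.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
LIMIT = 10  # RFC 7208 section 4.6.4

# The article's oversized record (whitespace normalised) ...
UNSPLIT = (
    "v=spf1 a mx a:mail.domain.com a:server5.anotherdomain.com "
    "a:server90.anotherdomain.com a:server95.anotherdomain.com "
    "mx:server3.anotherdomain.com include:_spf.google.com include:zoho.com "
    "include:mailservice.com ip4:192.168.0.1 ip4:192.168.0.2 ~all"
)
# ... and its split form as a constructed zone. Third-party includes are not
# in this zone, so their own nested lookups are NOT counted here.
SPLIT_ZONE = {
    "yourdomain.com": "v=spf1 include:spf1.yourdomain.com "
                      "include:spf2.yourdomain.com include:spf3.yourdomain.com ~all",
    "spf1.yourdomain.com": "v=spf1 a:yourdomain.com mx:yourdomain.com "
                           "a:mail.domain.com a:server5.anotherdomain.com "
                           "a:server90.anotherdomain.com a:server95.anotherdomain.com "
                           "mx:server3.anotherdomain.com ~all",
    "spf2.yourdomain.com": "v=spf1 include:_spf.google.com include:zoho.com "
                           "include:mailservice.com ~all",
    "spf3.yourdomain.com": "v=spf1 ip4:192.168.0.1 ip4:192.168.0.2 ~all",
}

def count_lookups(record, zone, seen=()):
    """Count lookup-costing terms, recursing into includes found in `zone`."""
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?").lower()
        if term.startswith("redirect="):
            name, target = "redirect", term[len("redirect="):]
        else:
            name, _, target = term.partition(":")
            name = name.split("/")[0]  # "a/24" and "mx/24" still cost a lookup
        if name not in LOOKUP_TERMS:
            continue  # ip4, ip6, all and other modifiers need no DNS query
        total += 1
        if name in ("include", "redirect") and target in zone and target not in seen:
            total += count_lookups(zone[target], zone, seen + (target,))
    return total

def report(record, zone):
    """Return (lookups, within_limit) for one top-level record."""
    n = count_lookups(record, zone)
    return n, n <= LIMIT
```

Here `report(UNSPLIT, {})` returns `(10, True)` while `report(SPLIT_ZONE["yourdomain.com"], SPLIT_ZONE)` returns `(13, False)`: each include used for splitting is itself a lookup, so count lookups before publishing a split record.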
Conclusion
If you want your outreach to perform smoothly, watch out for multiple SPF records. They can sneak their way into your set of records, bringing your email campaigns to a halt. The best thing you can do is to stick to these steps.
- Always check your SPF records and make sure they conform to your current outreach settings.
- Don’t generate a new SPF record when working with a new outreach service. Instead, use your current one.
- Add all new email apps and services to your SPF record as soon as possible to avoid failing authentication checks.
- Merge your multiple SPF records into one with “include:” mechanisms. It will help you prevent chaos and keep all important modifiers in one place.
- Remember: multiple SPF records and split SPF records ARE NOT the same thing. Split SPF records exist to save you from going beyond the character limit.
- Always validate your SPF record with tools to ensure its integrity and functionality. There is a whole range of services ready to assist you with this task.
Additionally, our advice is to stick to reliable providers and expand your outreach kit with instruments that let you accelerate your work and keep your productivity growing. You can learn more Folderly tips by taking a tour around our blog. Let us know if there is any particular topic you want us to break down for you.