Fix multiple SPF records

How to Fix Multiple SPF Records on Your Domain (The EASY Way)

Do you need to fix multiple SPF records on your domain?

SPF records TXT records starting with v=spf1. Multiple SPF records cause your emails to be rejected or filed as spam.

In this article, we’ll explain:

Fix Your WordPress Emails Now

Can You Have More than 1 SPF Record?

No, you can’t have more than 1 SPF record. But we’ll show you how to merge multiple SPF records the easy way!

You can do this in a few seconds by combining 2 rules into 1 line.

Multiple SPF records in Cloudflare

According to Alexa, one in 6 domains with an SPF record is using the wrong format. So it’s definitely worth checking to make sure you don’t have any extra or unwanted SPF records.

How to Fix Multiple SPF Records

If you have multiple SPF records, here’s the good news: this is an easy problem to fix, and it only takes a few minutes.

To begin, we’ll check your DNS records with a free online tool.

Check For Multiple SPF Records

SPF validates your outgoing email messages to prevent domain spoofing. Domain spoofing is when a spammer pretends to be you when sending phishing or malware emails.

When the receiving server gets an email from you, it checks the sender domain against the SPF record. If the SPF check fails, the receiving server could mark it as spam or reject it.

Sometimes multiple SPF records are hard to spot. You might not even know you need to combine SPF records because your receiving email host might automatically fix the issue for you.

We can use MXToolbox to scan your DNS record for more than 1 SPF record. To do this, type your domain name into the field and click the SPF Record Lookup button.

Check MXToolbox for multiple SPF records

If you have more than 1 SPF rule set up, you’ll see the message More than one record found. The SPF records are shown in the red bars at the top.

Multiple SPF records error in MXToolbox

We have 2 lines starting with v=spf1, so that could cause issues with email delivery because the receiving email server might ignore both of those records.

To solve the issue with your SPF records, we’re going to edit your domain’s DNS records and combine both rules.

DNS records are typically held by:

  • Your domain registrar
  • The web hosting company you’re using, if you bought your hosting and domain as a package
  • A CDN provider, if you’ve chosen to use one.

Let’s log in to the control panel where your DNS is hosted.

Edit SPF in Cloudflare

We’ll show you how to fix multiple SPF records using Cloudflare next.

First, log in and select the domain you want to edit.

Open DNS in Cloudflare

You’ll see your entire DNS listed. Look for the TXT records to find the duplicates.

Multiple SPF records in Cloudflare

Edit SPF in Bluehost

If your domain is hosted by Bluehost, log in to your control panel to start.

From the left hand menu, click on Domains.

Edit Bluehost domains

From the list, click the Manage dropdown next to the domain you need to edit.

Manage domain to merge SPF in Bluehost

From the menu that pops out, click on DNS.

Bluehost edit DNS

Now scroll down until you find your TXT records.

Multiple SPF TXT records in Bluehost

Merge Your SPF Records

Now we’re going to use the correct syntax to merge your records. This will allow you to use multiple IPs or domains in 1 line.

We’ll use Cloudflare in this example, but the steps are similar for most hosts and registrars.

Look to the DNS zone and find the first SPF rule.

Edit multiple SPF records in Cloudflare

Copy the existing rule to your clipboard. You might want to paste it into a text document so you can grab it again in a second.

Now delete that record from your DNS.

Delete duplicate SPF record

In Bluehost, you can delete the record using the icon to the right with the 3 dots.

Delete SPF Bluehost

We’re going to switch back to Cloudflare for the rest of these steps.

Now click Edit next to the remaining SPF record.

Edit SPF record in Cloudflare

An SPF record has 3 sections: the declaration, the allowed IPs or domains, and an enforcement rule. So we’re going to combine the records like this:

  • Declaration: Start the record with v=spf1 (don’t use this again in the rule – it must only appear at the start)
  • Allowed domains: Add an include for each domain
  • Enforcement rule: End the record with one ~allstatement (again, only use this at the end)

Once we’ve combined the SPF rules, our combined record looks like this:

v=spf1 include:zoho.eu include:mailgun.org ~all

Go ahead and edit your SPF rule so that it combines both of the domains.

Combined SPF rule in Cloudflare

As long as you only have 1 declaration and 1 enforcement rule, you can include more domains if you need to.

The limits for this are:

  • The statement can have a maximum of 10 domain lookups (e.g. include)
  • The statement must be less than 255 characters long.

Don’t forget to Save before moving on.

Test Your Merged SPF Records

It can take up to 48 hours for DNS changes to propagate, although Cloudflare changes often take effect in a few minutes.

Once you’ve waited a while, check your domain name again in MXToolbox.

You should now see a pass message similar to this one.

Valid merged SPF records in MXToolbox

And that’s it! You successfully fixed the problem of multiple SPF records on your domain.

Fix Your WordPress Emails Now

Frequently Asked Questions on SPF Records

Let’s finish up with a little more background information about SPF records.

What Does SPF Mean?

SPF stands for Sender Policy Framework. The full specification is defined in a technical document called RFC4408.

Is SPF Required for Every Mailer in WP Mail SMTP?

SPF is required for many mailers, including:

  • SMTP.com
  • Sendinblue
  • Mailgun
  • Sendgrid
  • G-Suite
  • Outlook, if used with your own custom domain
  • Zoho Mail, if used with your own custom domain

In WP Mail SMTP, SPF is not required for:

  • Gmail addresses ending with gmail.com or googlemail.com (in other words, Google email addresses that are not controlled by a G-Suite subscription or a custom domain)
  • Hotmail or Microsoft email addresses ending with outlook.com
  • Zoho Mail addresses ending with zohomail.com.

If you don’t add SPF, WP Mail SMTP may show you a warning:

Action Needed: It doesn't look like the SPF record required by Google has been added to your domain. Please check out Google's SPF guide for details on how to add this record to your domain's DNS.

What Happens If I Have No SPF Records?

Some email services don’t require SPF records. If yours does, and you haven’t set one up, mail servers will look for a DMARC record to figure out what to do with the email. This is likely to result in your emails being filed in the junk email folder.

How Did I Wind Up With Multiple SPF Records?

Multiple SPF records are often added by accident. For example, you might have more than 1 because:

  • You switched mailer service: If you swap your mailer (for example, you move from SMTP.com to Sendinblue), you might have forgotten to remove the first SPF record before adding a new one.
  • You’re using different services for different types of emails: For example, you might need to use Sendinblue to send WordPress emails with WP Mail SMTP, and another provider like SMTP.com to handle emails for your email marketing list.

If I Have Multiple SPF Records, Will My Test Email in WP Mail SMTP Still Work?

Sometimes you’ll still receive test emails in WP Mail SMTP even though you have multiple SPF records (or none at all). This might be because:

  • The receiving server is automatically dealing with the multiple SPF records behind the scenes, so you don’t notice a problem
  • Your mailer service doesn’t require SPF records, so it’s already ignoring them.

Does SPF Apply to My Subdomains?

No. Unlike DMARC, SPF doesn’t apply to subdomains. You need to create separate SPF records for subdomains at your host.

What Does ‘Too Many DNS Lookups’ Mean?

SPF works by checking every domain in the rule. This is called a lookup. So if your SPF record has too many domains in it, it will fail. The maximum allowed is 10.

You might see the error Too many lookups or Maximum hop count exceeded.

If you need to add more than 10 lookups to an SPF rule, you can add a subdomain and create a new SPF rule for that subdomain to get around this limit.

Additionally, check with your provider. They might provide a different SPF rule if you’re using more than 1 of their services.

What Does -all vs ~all Mean?

In an SPF record, -all means that any email not matching the domains will fail to be delivered. The ~all enforcement rule is slightly less strict and will look for further validation.

Some email providers will recommend the use of ?all (giving a neutral result).

If you need to combine statements with different enforcement rules, you can use ~all unless your email provider recommends a different approach.

It’s very important that you do not use +all because this will allow anyone on the internet to use your domain to send spam.

Do I Need a PTR Record?

Yes, you’ll also need a PTR record, but you likely won’t need to create it yourself. To find out more about it, check out this guide: What Is a DNS PTR Record?

Fix Your WordPress Emails Now

Next Step: Check Your DMARC Record

SPF is one of 3 email authentication methods that help improve deliverability and stop spam. Most email service providers use SPF along with DKIM and DMARC.

Now you have your SPF record set up, check out our easy guide on how to create a DMARC record. It includes a DMARC example that you can quickly copy and paste.

Ready to fix your emails? Get started today with the best WordPress SMTP plugin. WP Mail SMTP Elite includes full White Glove Setup and offers a 14-day money-back guarantee.

If this article helped you out, please follow us on Facebook and Twitter for more WordPress tips and tutorials.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.