### [Multiple SPF Records: How to Merge Them (The EASY Way)](https://wpmailsmtp.com/fix-multiple-spf-records/) **Published:** February 17, 2021 **Author:** Claire Broadley **Excerpt:** Do you have multiple SPF records on your site? If so, you need to merge these SPF records to make sure you only have one record entry on your domain. Multiple SPF records on your domain can cause your emails to be rejected or filed as spam. In this post, we'll show how to check if you have multiple SPF records and merge these. **Content:** Multiple SPF records on the same domain cause SPF authentication to fail. The fix is to merge all `TXT` records starting with `v=spf1` into a single line in your DNS. Multiple SPF records can cause your emails to be rejected or filed as spam. This guide shows you how to check for duplicates and combine them correctly. - [What Happens If You Have More than 1 SPF Record?](#aioseo-what-happens-if-you-have-more-than-1-spf-record) - [How to Fix Multiple SPF Records](#aioseo-how-to-fix-multiple-spf-records) - [Check For Multiple SPF Records](#aioseo-check-for-multiple-spf-records) - [Example 1: SPF Records in Cloudflare](#cloudflare) - [Example 2: SPF Records in Bluehost](#bluehost) - [How to Include Multiple SPF Records in 1 TXT Record](#merge-spf) - [Bulk-Sender Rules That Affect SPF](#gmail-bulk-sender-rules) - [Test Your Merged SPF Records](#test-spf) - [What If I Still See an Error?](#aioseo-what-if-i-still-see-an-error) [Fix Your WordPress Emails Now](https://wpmailsmtp.com/pricing/) ### What Happens If You Have More than 1 SPF Record? If you have multiple, separate SPF records for a single domain, your emails will fail SPF authentication and return a PermError. According to a 2025 study by Cornell University, 56.5% of domains publish SPF records but 2.9% have errors, including duplicate records. ![Multiple SPF records in Cloudflare](https://wpmailsmtp.com/wp-content/uploads/2021/02/multiple-spf-records-cloudflare.png)You might not even know your SPF records are invalid. If you have two or more, they are often all ignored, which is bad news for email deliverability. The fix is to merge these multiple TXT records into a single line. It only takes a few minutes to combine them correctly. ## How to Fix Multiple SPF Records ### ✋ Let Our Experts Handle Your Email Setup **White-Glove Setup:** We’ll install WP Mail SMTP, connect it to *SendLayer, SMTP.com, or Brevo*, and set up the required DNS records (SPF, DKIM, DMARC) for you, so every message passes authentication. White Glove Setup is included with our Elite license and available as an optional extra with our Pro license [Get Started Now](https://wpmailsmtp.com/pricing/) To begin, we’ll check your DNS records with a free online tool. ### Check For Multiple SPF Records We’ll start by using a free tool called [MXToolbox](https://mxtoolbox.com/spf.aspx) to scan your DNS records for more than 1 SPF record. To do this, type your domain name into the field and click the **SPF Record Lookup** button. ![Check MXToolbox for multiple SPF records](https://wpmailsmtp.com/wp-content/uploads/2021/02/multiple-spf-records-mxtoolbox-lookup.png)If you have more than 1 SPF rule set up, you’ll see the message **More than one record found**. The SPF records are shown in the red bars at the top. ![Multiple SPF records error in MXToolbox](https://wpmailsmtp.com/wp-content/uploads/2021/02/multiple-spf-records-error-mxtoolbox.png)As you can see, 2 lines are start with `v=spf1`, which is why we’re seeing an error. A receiving mail server won’t know which rule to follow, so it will ignore both. To solve the issue with your SPF records, we’re going to edit your domain’s DNS records and combine multiple SPF TXT records into one. You’ll need to open up the control panel for the company that hosts your DNS. In most cases, DNS records are held by: - Your domain registrar (the company you bought your domain name from) - The web hosting company you’re using, if you bought your hosting and domain as a package - A CDN provider, if you’ve chosen to use a CDN. Cloudflare is one example. You may have already edited your DNS when you created [DMARC, SPF, and DKIM records](https://wpmailsmtp.com/dmarc-spf-dkim/) for your transactional email provider. We’ll recap on that process so you can merge your SPF records now. #### Example 1: SPF Records in Cloudflare Each provider’s control panel will look slightly different. We’ll show you how to fix multiple SPF records using Cloudflare first. To start, log in and select the domain you want to edit. ![Open DNS in Cloudflare](https://wpmailsmtp.com/wp-content/uploads/2021/03/how-to-create-a-dmarc-records-edit-dns-cloudflare.png)You’ll see your entire DNS listed. Look for the TXT records to find the duplicates. ![Multiple SPF records in Cloudflare](https://wpmailsmtp.com/wp-content/uploads/2021/02/multiple-spf-records-cloudflare.png)If your DNS doesn’t look like this, let’s try another way of finding the right records. #### Example 2: SPF Records in Bluehost Bluehost uses cPanel, so this example should be easy to follow if you’re using a similar host. First log in to your hosting control panel. From the left-hand menu, click on **Domains**. ![Edit Bluehost domains](https://wpmailsmtp.com/wp-content/uploads/2021/02/bluehost-domains-spf.png)From the list, click the **Manage** dropdown next to the domain you need to edit. ![Manage domain to merge SPF in Bluehost](https://wpmailsmtp.com/wp-content/uploads/2021/02/bluehost-domains-manage-spf.png)From the menu that pops out, click on **DNS**. ![Bluehost edit DNS](https://wpmailsmtp.com/wp-content/uploads/2021/02/bluehost-dns-manage-spf.png)Now scroll down until you find your TXT records. You’ll see the SPF records in this section. ![Multiple SPF TXT records in Bluehost](https://wpmailsmtp.com/wp-content/uploads/2021/02/bluehost-multiple-spf.png)Again, your DNS records may be laid out in an alternative format, but most cPanel hosts have similar menus with varying colors (skins). Even if your hosting account looks slightly different, the screenshots above should help you find them. If not, reach out to your host. ### How to Include Multiple SPF Records in 1 TXT Record Now we’re going to use the correct syntax to merge all SPF records into one TXT entry. This will allow you to use multiple IPs or domains in 1 record, resolving the error we saw earlier. We’ll use Cloudflare in this example, but the steps are similar for most hosts and registrars. Look to the DNS zone and find the first SPF rule. Click **Edit**. ![Edit multiple SPF records in Cloudflare](https://wpmailsmtp.com/wp-content/uploads/2021/02/multiple-spf-records-edit-delete-cloudflare.png)Copy the existing rule to a blank text document on your desktop so you can grab it again in a second. Now delete that record from your DNS. ![Delete duplicate SPF record](https://wpmailsmtp.com/wp-content/uploads/2021/02/multiple-spf-records-delete-cloudflare.png)In Bluehost, you can delete the record using the icon to the right with the 3 dots, then clicking **Remove**. ![Delete SPF Bluehost](https://wpmailsmtp.com/wp-content/uploads/2021/02/bluehost-merge-spf.png)We’re going to switch back to Cloudflare for the rest of these steps to make it easier to demonstrate. Click **Edit** next to the second SPF record. ![Edit SPF record in Cloudflare](https://wpmailsmtp.com/wp-content/uploads/2021/02/multiple-spf-records-edit-cloudflare.png)Now we’re going to merge the SPF record from your text file into this one. An SPF record has 3 sections: the declaration, the allowed IPs or domains, and an enforcement rule. So we’re going to combine the records like this: - **Declaration**: Start your SPF record with `v=spf1` (don’t use this again in the rule — it must only appear once, at the start) - **Allowedins**: Add an `include` lookup for each domain, like this: `include:zoho.eu include:mailgun.org` - **Enforcement rule**: End the record with one `~all` statement (again, only use this at the end of the rule, and only add it once) Once we’ve combined the SPF rules, our combined record looks like this: `v=spf1 include:zoho.eu include:mailgun.org ~all` Go ahead and save your SPF record. ![Combined SPF rule in Cloudflare](https://wpmailsmtp.com/wp-content/uploads/2021/02/multiple-spf-records-merged.png)As long as you only have 1 declaration at the start, and 1 enforcement rule at the end, you can include more domains if you need to. Just be sure to format them in a single line. Here’s an example: `v=spf1 include:zoho.eu include:spf.brevo.com include:mailgun.org ~all` While you can keep extending the record, keep in mind that there are some limits: - The statement can have a maximum of 10 domain lookups (e.g. `include`) - Each DNS string in the record must be under 255 characters. If your record is longer than that, you can split it into multiple quoted strings within the same TXT record — DNS resolvers concatenate them automatically. Don’t forget to **Save** before moving on. ### Bulk-Sender Rules That Affect SPF **Heads-up for high-volume senders:** If you’re sending 5,000 or more messages per day to Gmail addresses, SPF on its own is no longer enough. Google, Yahoo, and Microsoft all enforce authentication requirements for bulk senders. Miss any of them and your mail can be rate-limited or permanently rejected. - **SPF or DKIM must align with your From: domain** – The domain in the `From:` header must match either the SPF or DKIM domain to satisfy DMARC alignment. [See Google rule](https://support.google.com/a/answer/81126#alignment) - **Send over TLS & add ARC for forwarded mail** – Gmail requires TLS for SMTP connections, and expects ARC headers on anything you gateway or mailing-list forward. [Official guidelines](https://support.google.com/a/answer/81126#requirements) - **Keep user-reported spam rate below 0.10%** – Monitor the “Spam Rate” graph in [Google Postmaster Tools](https://postmaster.google.com/). The hard ceiling is 0.30% — go above that and you lose eligibility for Gmail mitigation. Since November 2025, Gmail permanently rejects non-compliant bulk mail with a 550 error rather than temporarily deferring it. Microsoft has enforced equivalent requirements since May 2025. SPF, DKIM, and DMARC are now required for bulk senders delivering to Outlook, Hotmail, and other Microsoft-hosted addresses. ### Test Your Merged SPF Records It can take up to 48 hours for DNS changes to propagate, although Cloudflare changes often take effect in a few minutes. Once you’ve waited a while, check your domain name again in MXToolbox. You should now see a pass message similar to this one. ![Valid merged SPF records in MXToolbox](https://wpmailsmtp.com/wp-content/uploads/2021/02/multiple-spf-records-mxtoolbox-valid.png)And that’s it! You successfully fixed the problem of multiple SPF records on your domain. ### What If I Still See an Error? If you still see an error like `too many lookups`, there may be multiple lookups going on for each domain in your SPF record. In other words, every domain has its own `include` statements and the total number is exceeding the maximum allowed. You can [solve this by flattening your SPF record](https://sendlayer.com/blog/what-is-spf-flattening/). [Fix Your WordPress Emails Now](https://wpmailsmtp.com/pricing/) ### Frequently Asked Questions on SPF Records Let’s finish up with a little more background information about SPF records. #### What Does SPF Mean? SPF stands for Sender Policy Framework. The full specification is defined in a technical document called RFC4408. #### What Does an SPF Record Do? SPF validates your outgoing email messages to prevent domain spoofing. Domain spoofing is when a spammer pretends to be you when sending phishing or malware emails. When the receiving server gets an email from you, it checks the sender domain against the SPF record. If the SPF check fails, the receiving server could mark it as spam or reject it. #### How Many SPF Records Can I Have Per Domain? You can have 1 record max for each domain. Note that subdomains need their own record. #### Is SPF Required for WordPress Emails? Yes. Google, Yahoo, and Microsoft now require valid email authentication (SPF, DKIM, and DMARC) for messages delivered to their platforms. Google has enforced this since February 2024, Yahoo followed, and Microsoft brought in equivalent bulk-sender requirements in May 2025. Since November 2025, [Gmail permanently rejects non-compliant messages](https://wpmailsmtp.com/fix-gmail-blocking-emails/) rather than deferring them. By default, WordPress doesn’t add authentication to outgoing emails. If you install an SMTP plugin like WP Mail SMTP and set up a matching SPF record, your mail will pass these checks. #### Is SPF Required for Every Mailer in WP Mail SMTP? It’s required for most, but not all. SPF is required if you’re using: - [SMTP.com](https://wpmailsmtp.com/go/smtp/ "SMTP.com") - [Brevo](https://wpmailsmtp.com/go/brevo/ "Brevo(Formerly Sendinblue)") - Mailgun - Sendgrid - Google Workspace - Gmail, if used with your own custom domain - Outlook, if used with your own custom domain - [Zoho Mail](https://wpmailsmtp.com/go/zoho-mail-3/ "Zoho Mail"), if used with your own custom domain In WP Mail SMTP, SPF is *not* required for: - Gmail addresses ending with `gmail.com` or `googlemail.com` (in other words, Google email addresses that are not associated with your own custom domain) - Hotmail or Microsoft email addresses ending with `outlook.com` - Zoho Mail addresses ending with `zohomail.com`. - Any senders set up in Postmark, SparkPost, or SendLayer. If you don’t add SPF when it’s needed, WP Mail SMTP may show you a warning: `Action Needed: It doesn't look like the SPF record required by Google has been added to your domain. Please check out Google's SPF guide for details on how to add this record to your domain's DNS.` #### What Happens If I Have No SPF Records? Some email providers don’t require SPF records, so it might not be a problem. For example, Postmark only needs you to set up DKIM. If yours requires SPF, it’ll say that in its documentation. If SPF is required and you haven’t set it up, mail servers will look for a DMARC record to figure out what to do with the email. Be warned that relying on DMARC alone is likely to result in your emails being filed in the junk email folder. #### How Did I Wind Up With Multiple SPF Records? Multiple SPF records are often added by accident. For example, you might have more than 1 because: **You’re using different services for different types of emails**: For example, you might need to use Brevo to send WordPress emails with [WP Mail SMTP](https://wpmailsmtp.com/pricing/), and another provider like SMTP.com to handle emails for your email marketing list. **You switched mailer service**: If you swap your email service provider (for example, you move from [SMTP.com](https://wpmailsmtp.com/go/smtp/ "SMTP.com") to [Brevo](https://wpmailsmtp.com/go/brevo/ "Brevo(Formerly Sendinblue)")), you might have forgotten to remove the first SPF record before adding a new one. #### If I Have Multiple SPF Records, Will My Test Email in WP Mail SMTP Still Work? It might. Some customers have told us they still receive test emails in [WP Mail SMTP](https://wpmailsmtp.com/pricing/ "Pricing") even though they have multiple SPF records (or none at all). This might be because: - The receiving server automatically deals with the multiple SPF records behind the scenes, so you don’t notice there’s a problem. - Your mailer service doesn’t require SPF records anyway. It’s better not to leave this to chance since it can cause problems later. #### Does SPF Apply to My Subdomains? No. Unlike DMARC, SPF doesn’t apply to all of your subdomains automatically. You need to create separate SPF records for subdomains. #### What Does “Too Many DNS Lookups” Mean? The **include** statement that we added is called a DNS lookup. SPF works by checking every domain in the rule. It will fail if you have more than 10. You might see the error **Too many lookups** or **Maximum hop count exceeded**. - If you need to add more than 10 lookups to an SPF rule, you can add a subdomain and create a new SPF rule for that subdomain to get around this limit. - If you don’t have more than 10, it’s likely happening because every domain in your SPF record is being queried, and those domains have multiple `include` statements of their own. The result is that DNS is being queried too many times for the domains you entered. [SPF flattening](https://sendlayer.com/blog/what-is-spf-flattening/) will solve this. Additionally, check with your provider. They might provide a different SPF rule if you’re using more than 1 of their services. #### What Does -all vs ~all Mean? In an SPF record, `-all` (HardFail) means any message from a sender not listed in your record should be rejected by the receiving server. `~all` (SoftFail) means non-matching mail is accepted but may be flagged as suspicious. Most providers recommend `~all` unless you’re certain every legitimate sender is already in your SPF record. Some email providers will recommend the use of `?all` (giving a neutral result). If you need to combine statements with different enforcement rules, it’s safe to use `~all` unless your email provider recommends a different approach. It’s very important that you ***do not*** use `+all` in your SPF record. This will allow anyone on the internet to use your domain to send spam. #### Do I Need a PTR Record? Yes, you’ll also need a PTR record, but you likely won’t need to create it yourself. To find out more about it, check out our [guide to PTR records.](https://wpmailsmtp.com/what-is-ptr-dns-record/) #### What Does SPF PermError Mean? The PermError occurs when an email service provider fails to verify your domain’s SPF record. This may happen if you’re using the incorrect syntax in your SPF record entry or if you have multiple SPF records. To fix the PermError, check your syntax and combine your SPF records if you have more than one. You may sometimes see a TempError too, which means there was a temporary issue. See [our article on setting up Postmaster Tools](https://wpmailsmtp.com/how-to-set-up-google-postmaster-tools/) so see what a TempError looks like. #### Do I Need to Merge My DKIM Records? No — DKIM records sometimes need to be split because some providers can’t handle super long entries in your DNS. If you see two, that’s likely intentional. To find out more, read our article on [how to split your DKIM record](https://wpmailsmtp.com/solved-how-to-split-a-dkim-record/). [Fix Your WordPress Emails Now](https://wpmailsmtp.com/pricing/) ### Next, Check Your DMARC Record SPF is one of 3 email authentication methods that help improve deliverability and stop spam. Most email service providers use SPF along with DKIM and DMARC. Now you have your SPF record set up, check out our guide on [how to create a DMARC record](https://wpmailsmtp.com/how-to-create-dmarc-record/). It includes a DMARC example that you can quickly copy and paste. Ready to fix your emails? [Get started today](https://wpmailsmtp.com/pricing) with the best WordPress SMTP plugin. If you don’t have the time to fix your emails, you can get full White Glove Setup assistance as an extra purchase, and there’s a 14-day money-back guarantee for all paid plans. If this article helped you out, please follow us on [Facebook](https://facebook.com/wpmailsmtp) and [Twitter](https://twitter.com/wpmailsmtp) for more WordPress tips and tutorials. **Categories:** WordPress Tutorials **Tags:** email deliverability, spf records ---