Do's and Don'ts for multiple SPF records

Do's and Don'ts for multiple SPF records

SPF is an abbreviation for Sender Policy Framework, and it is used to verify the legitimacy of emails. It is necessary to employ SPF records, which are TXT documents. The following section will discuss how to avoid having frequent SPF difficulties. The topic of the second most frequently encountered error will be the creation of multiple SPF records for a single domain.

First rule: One SPF record for one domain

In RFC4408, it is explicitly specified that a domain name must not contain multiple records that cause an authorization check to be performed in order for the user to choose multiple records.

Having several text SPF entries for your domain will result in the receiving server rejecting your domain. The majority of the time, DNS TXT record duplication is an inadvertent error. SPF authentication will fail if there are several SPF records on a single domain.

How do I verify my SPF record?

Utilize a specialized tool to verify the SPF record associated with your domain. Looking at MailSlurp.mx's SPF record provides some of the details of how they work using the dig command on unix or mac:

dig -t txt mailslurp.mx

We use the -t txt flag to request TXT records. TXT records can contain SPF values. The result for MailSlurp's mx server is the following:

; <<>> DiG 9.16.1-Ubuntu <<>> -t txt mailslurp.mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19171
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;mailslurp.mx.			IN	TXT

;; ANSWER SECTION:
mailslurp.mx.		600	IN	TXT	"v=spf1 include:amazonses.com -all"

;; Query time: 32 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Jan 16 10:04:55 NZDT 2022
;; MSG SIZE  rcvd: 87

Note the SPF answer for MailSlurp is mailslurp.mx. 600 IN TXT "v=spf1 include:amazonses.com -all". Let us chfind other ways to check SPF recods.

Other ways to verify SPF records

MXToolbox SPF Check

Exchange SPF Record Check is a tool that thoroughly examines the SPF record. To begin, enter your domain name or IP address in the appropriate field. You can also look at MX records, DNS records, sender reputation, and other information.

Easy DMARC SPF Lookup

The SPF Record Lookup prioritizes the retrieval of domain names. The SPF Lookup Tree contains all of the necessary and optional lookups.

LookUp SPF Records by Agari

LookUp SPF Records by Agari It only displays the legitimate records as well as some general knowledge like the number of DNS probing techniques and IP addresses allowed.

Hand checking SPF records

Manually check the SPF record utilizing nslookup. To do so, execute nslookup -type=txt domain-name&gt;. There can be just one v=spf1 entry.

What to do after finding multiple SPF records in your domain

Duplicate SPF records should be promptly rectified if you use a major mail server like Microsoft Exchange or Gmail. Smaller email companies rarely have sophisticated features, so you'll have to handle this yourself. The ideal method is to combine both DNS TXT entries. To do so, populate the new entry with data from the old one.

Handling SPF records correctly

  • Multiple SPF record syntax includes merging, but there are other significant points.
  • Limiting DNS lookups: The total number of DNS lookup techniques and modifiers cannot exceed ten. Include, a, MX, ptr [deprecated], existing, and redirect all yield one lookup. SPF authentication fails if this number is exceeded.
  • Consider nested include mechanisms.
  • SPF record character constraints: You should also consider the 255-character limit for single SPF records.

Conclusion

A correctly constructed SPF record is only one component of dependable email delivery. The DMARC record and DKIM signatures are also factors. Check our dedicated blog entries for setup. So whether it is a multiple SPF record office 365 or an exchange SPF record check, you now know how to work through it.

Related content

Java email library for SMTP and creating email addresses

MailSlurp Java SDK for sending and receive email and attachments on the JVM.

Email for testing

Test email accounts for email testing. Alternatives to Mailinator, MailTrap, Mailosaur and more.

Email marketing campaign bulk email testing

Send bulk transactional emails with MailSlurp online or in code using CSharp, Node.js, Java, PHP and more.

Cold Emailing in Compliance with CAN-SPAM

Cold Emailing in Compliance with CAN-SPAM

Do's and Don'ts for multiple SPF records

Do's and Don'ts for multiple SPF records

Email Over Blockchain

Can emails be sent over blockchain? Well kind of! LedgerMail and other and at the cutting edge of decentralized email.

Explaining Cloud Email with Options to Think About

Explaining Cloud Email with Options to Think About

GraphQL Email API Tutorial

Did you know you can send and receive emails using GraphQL?

How to choose the right email design size (for various campaigns)

Email sizes can be instrumental to determine if your consumer will comprehend and engage with your content. While the template width (600 px) is typical, there are nuances to be mindful of. There are no hard and fast standards for email template height like design blocks.

HTML Mailto Links Explained

HTML Mailto is uncomplicated to use. This link opens the default email client and adds a new notification maker. Pre-populated fields save time and prevent email bounces. This post will cover customizing mailto. We'll also discuss its viability in this decade. Come on.

How to send emails in Javascript (NodeJS)

JS SMTP email sending guide using HTML and NodeJS.

Mailinator alternative

Alternatives to Mailinator for test email accounts. Create real email addresses using MailSlurp

How to use Mailto links

Mailto links not working guide.

Manage Email Throttling Correctly!

Manage Email Throttling Correctly!

Maximum Email Size and How to Optimize It

Email sizes are fundamental for a few important reasons. One is security, and another is the performance of your email.

SPF Records Explained: What Are They?

An SPF record is now required for reliable email delivery. It protects your emails from being faked. This protects you against phishing scams and trollers.

Transactional Email Services Compared

Sending emails is important for many applications. Top 10 transactional email services compared.

What is DKIM Email

How to setup and configure DKIM signatures with the sender policy framework (SPF)

CSharp Email Tutorial

SMTP mailserver testing and usage in CSharp using

Email internationalization and i18n localization

Email internationalization and i18n localization

Ready to dive in?Start building email applications today.