Although there is no harm in using multiple email services, creating more than one SPF record never favors your domain’s reputation. Thus, it’s always better to merge SPF records to keep using different email services without any errors and deliverability issues. So, let’s find out how you can merge SPF records to stay away from a variety of email mishaps.

SPF is an email authentication protocol that is documented under RFC 7208.

What is an SPF record?

The Sender Policy Framework (SPF) is an Internet standard that helps combat spam by allowing ADministrative Management Domains (ADMDs) to explicitly authorize the hosts permitted to send messages with their domain names. This prevents malicious users from abusing a legitimate sender’s identity by imposing an SPF policy on the public DNS of its domain.

Structure of an SPF Record

It becomes quite easy to combine the SPF records when you understand the structure of the same. Hence, here are a few points that you should know before merging the SPF records:

An SPF record begins with the “v=spf1” modifier
The same record is made up of one or more rules
A rule can be further broken down into an optional prefix, a mechanism, and an optional value
The value of the prefix is set to pass “+” by default but you can change it as per your preference
A colon “:” is used as a separator between the mechanism and its value
The “all” mechanism is always placed at the end of the record to specify a default response for all the unmatched senders

SPF Record Prefixes and Their Effects

The following list of prefixes has been created to let you learn more about the same:

The pass “+” prefix makes the matching senders pass the SPF verification
The fail “-” prefix makes the matching senders fail the SPF check
The soft-fail “~” prefix makes the senders that match the given mechanism soft-fail the SPF validation
The neutral “?” prefix treats the matching senders as neutral

If you want to gain more clarity about the fail “-” and soft-fail “~” prefixes, then we have written another detailed article to observe the difference between SPF -all and SPF ~all. Please click on the linked text to enhance your knowledge.

Merge SPF Records With Ease

You can merge SPF records by bringing together the required records. It can be done by adding more “include” mechanisms, one for each email sender’s domain. Also, don’t forget to set all the required mechanisms suggested by the email services. Lastly, ensure that the final merged SPF record starts with the “v=spf1” modifier and ends with the “all” mechanism.

Use our free SPF flattening tool PowerSPF to merge SPF records with a single click!

SPF Merging Example

Let’s say, your domain is already authenticated through MailChimp and your current SPF record looks like this:

v=spf1 include:servers.mcsv.net ?all

But now, you want to authorize another email service such as Outlook.com along with the MailChimp, and the suggested SPF record by the former looks similar to this:

v=spf1 a include:spf.protection.outlook.com -all

In this case, you’ll merge SPF records by combining the rules of both of the above records. Please note that you don’t need to repeat any common mechanisms. Moreover, the mechanisms that exist in only one SPF record will be added at the beginning. So, the final merged SPF record will look like this:

v=spf1 a include:spf.protection.outlook.com include:servers.mcsv.net -all

Clearing Out the Prefix Confusion

Are you wondering why the merged record is ending with “-all” while the individual records had “?all” and “-all” at the end? The reason behind using the fail “-” prefix is its effectiveness. Still, some of the email service providers suggest SPF records with “?all” on the safe side. It is because they don’t know enough about your domain setup and don’t want any email deliverability errors on your domain.

Note that setting up your first SPF record with “-all” might get your all emails rejected by the receiver. But once you’ve finalized your list of authorized senders, you can merge SPF records and end the same with the “-all” mechanism.

Summarizing

You can merge SPF records by combining the rules of the individual SPF records. It is that easy and won’t take much of your time. We hope that this article solved your query. Please feel free to come back to get a quick revision of the SPF merging process.

Interested in boosting your email deliverability and gaining spoof protection? Take a free DMARC trial now!

About
Latest Posts

Yunes Tarada

Domain & Email Security Expert at PowerDMARC

Yunes is an Operations Team Lead at PowerDMARC with expert knowledge in email authentication and security. Yunes is a Microsoft-certified Azure Administrator Associate with certifications in CompTIA A+ and many more.

How To Merge SPF Records?