Home / server / Questions / 360815
Accepted
Aleks G
Asked: 2012-02-17 03:31:18 +0800 CST

How to specify multiple included domains in SPF record?

  • 772

Our business email is hosted on Google apps. In addition, our web server may also send email. Currently our SPF record in DNS looks like this:

domain.com.    IN   TXT    "v=spf1 a include:_spf.google.com -all"

This is all fine, however now we've outsourced our email list management to another company and we need to include a second domain with include. So, I'm looking for something like:

domain.com.    IN   TXT    "v=spf1 a include:_spf.google.com include:otherdomain.com -all"

What is the correct syntax for this? Many thanks!

domain-name-system email spf

3 Answers

  1. Best Answer

    All SPF mechanisms, including include, can be used multiple times, separated by spaces:

    "v=spf1 include:_spf.google.com include:otherdomain.com -all"

    Evaluation of include works this way:

    • If the included data returned PASS, then the include itself generates a result (for example, include:foo.bar generates a PASS, but -include:foo.bar generates a FAIL).

    • If the included data returned FAIL or NEUTRAL, then the include does not contribute to the result at all, and processing goes to your next mechanism.

    See SPF record syntax and RFC 7208.

    (Note that redirect= is not a mechanism but a global modifier, and cannot be repeated this way.)

    • 94

  2. This is the correct syntax you requested

    domain.com:    IN   TXT    "v=spf1  include:_spf.google.com include:otherdomain.com -all"
    • 8

  3. Just use the include mechanism to add each service in your SPF record:

    v=spf1 a include:_spf.google.com include:otherdomain.com -all

    Make sure you don't create multiple SPF records on one domain. If you do, SPF will return PermError.

    Also note that you don't exceed the 10 DNS lookup limit of SPF, otherwise SPF will return PermError too.

    • 3