Search MailerLite
Start typing to search

No results

No results

How to merge SPF records

How to merge SPF records

When authenticating your domain, you will have to add an SPF record in your domain's DNS settings. An SPF record indicates which IP addresses and/or hostnames have been authorized to send emails from your domain.

You may have to include several SPF values in the DNS zone of your domain if you send emails through several services. 

It is only possible to have one SPF record in the DNS zone of your domain. Having more than one SPF record will make the authentication impossible, and some hosting providers won’t even allow you to have more than one.  

If you need to include more than one SPF record in your DNS zone, then you should merge them into a single record by including all the values or mechanisms in the same record.

Let’s assume your domain is already authenticated through Outlook, so you have the SPF record v=spf1 a include:spf.protection.outlook.com -all.

Now, you want to authenticate your domain with MailerLite, so you have to add the second SPF record v=spf1 a mx include:_spf.mlsend.com ~all to your DNS page.

Let’s look at the different parts or mechanisms of an SPF record to better understand how it works.

The “v” prefix

The first part of an SPF record starts with v=spf1, which simply identifies the record as the first version of SPF. This is the only version that exists at the moment. Since you can add several TXT records, this basically tells the DNS of the domain to treat this record as SPF.

The “a” mechanism

Both records also contain the a mechanism afterward, which basically indicates the address of your domain in an IP number. The sending IP must match the A record of the From domain to be authenticated.

The “mx” mechanism

Only the one from MailerLite includes the mx mechanism, which indicates which email servers should be used when emails are being relayed. The sending IP must match the MX record of the From domain to be authenticated.

The “include” mechanism

The middle part of an SPF record begins with include, which basically tells the DNS to include this particular domain in the SPF setup of your domain. It allows emails to be authenticated through the same IPs allowed in the included domain.

The “all” mechanism

The last part of an SPF record, the all mechanism defines how an email should be treated. It should always be at the end of the record, and it is required to be a valid SPF record.

This mechanism will include one of the following qualifiers:

  • +all - it's the default prefix, so it can be omitted

  • ?all - adding this rule creates the impression that there is no SPF, so it’s not recommended

  • -all - it will be rejected and not sent and if the email doesn’t comply with the set rules

  • ~all - it will be sent but tagged as SOFTFAIL if the email doesn’t comply with the set rules

To merge the SPF values, simply include all the parts into one single record, without repeating any mechanisms. 

This means that if both records have an a, it should only be included once at the beginning in the default record. If only one of the records includes an mx, it should also be included in the first part. 

However, please note that the last part has to be either ?all, -all or ~all. It’s not possible to have more than one, so it is ultimately your choice which declaration of all your domains will use. 

The merged SPF record would look like this:

v=spf1 a mx include:_spf.mlsend.com include:spf.protection.outlook.com -all.

Still have questions?
If you have any questions, feel free to contact us at support@mailerlite.com. A member of our support team will gladly assist you.