Can I have more than one SPF record?

No — having two SPF records is a configuration error. Merge them into one record using multiple `include:` entries.

SPF

What is SPF?

Sender Policy Framework

Sender Policy Framework (SPF) is a DNS TXT record that lists which IP addresses and services can send email using your domain as the From address. Receiving mail servers check the SPF record — if the sending IP is not on the list, the message fails SPF.

In more detail

SPF is one of three records (SPF, DKIM, DMARC) that together authenticate outgoing email. SPF covers the envelope (return path); DKIM signs the headers and body; DMARC sets the policy.

The record starts with `v=spf1` and lists allowed senders. Common entries include `include:_spf.google.com` (Google Workspace), `include:_spf.resend.com` (Resend), `include:mailgun.org` (Mailgun). It ends with `~all` (soft fail) or `-all` (hard fail).

SPF record for Google Workspace + Resend

v=spf1 include:_spf.google.com include:_spf.resend.com ~all

Why this matters

Why builders care

Every AI-built SaaS sends transactional email (signups, password resets, receipts). Without SPF, those emails go to spam on Gmail and Outlook. Adding SPF takes one DNS entry.

FAQ

Frequently asked questions

Can I have more than one SPF record?: No — having two SPF records is a configuration error. Merge them into one record using multiple `include:` entries.

Fix guides

Fix SPF issues

Missing SPF record

Without SPF, anyone can send email that looks like it came from your domain. Here is the one DNS record you need to stop that.

Missing DMARC record

DMARC tells receiving mail servers what to do with email that fails SPF or DKIM — quarantine, reject, or nothing. Here is how to set it up.

Missing DKIM record

DKIM signs your outgoing email so receivers can verify it was not tampered with. Here is how to enable it through your email provider.

Free tools

Check it yourself

Email security checker

Can someone spoof email from your domain? Check in 10 seconds.

Related terms

Keep learning

Domain-based Message Authentication, Reporting & Conformance

DMARC tells receiving mail servers what to do with email that fails SPF or DKIM checks. The single most important email security record.

DomainKeys Identified Mail

DKIM is a digital signature on outgoing email, letting receivers verify it came from you and was not tampered with.

See where your site stands

Paste a URL, get a score in 60 seconds. Free, no signup.