How to include multiple spf domains with different mechanisms in a single spf TXT Record

domain-name-system mx-record spf txt-record

13,686

You can combine them all like this.

v=spf1 a mx ptr ip4:x.x.x.x ip4:y.y.y.y include:mktomail.com include:icpbounce.com include:spf.mandrillapp.com -all

I recommend changing the ~all to -all - the whole point in setting up authentication in the first place is to make it fail when it's violated. Then test sending emails from all the different places to a testing tool like [email protected]. To ensure the SPF passes from each send point.

13,686

Oxi

The things you own end up owning you. It's only after you lose everything that you're free to do anything.

Updated on September 18, 2022

Comments

Oxi almost 2 years
EDIT : How to Mix the different mechanisms (a , mx , ip4 , ptr and include) to create single SPF file from 4

I know that 2 simple SPF records like
```
v=spf1 include:_spf.google.com ~all
v=spf1 include:otherdomain.com ~all
```
can be merged to one as
```
v=spf1 include:_spf.google.com include:otherdomain.com ~all
```
I have bit more complex SPF records with mechanisms like a mx ip4 ptr and include as shown below
```
v=spf1 a mx ptr include:icpbounce.com include:spf.mandrillapp.com ~all    
v=spf1 mx ip4:x.x.x.x include:mktomail.com ~all     
v=spf1 mx ip4:y.y.y.y include:mktomail.com ~all    
v=spf1 include:spf.mandrillapp.com ?all
```
How can merge all this to one TXT record, as mandrilapp is giving me an error

has more than one TXT record that looks like an SPF record

I cant try a trial and error as its in production and i am very new to this SPF domain
- Oxi about 8 years
  
  @MadHatter : i am trying here is - How to Mix the different mechanisms (a , mx , ip4 , ptr and include) to create single SPF file from 4
- MadHatter about 8 years
  
  The linked question is a canonical one. These are questions where the community has said all it is going to say on a class of subject, because although everyone's particular problems in that class are somewhat different, to the extent that they are interesting, they aren't different, and to the extent that they're different, they aren't interesting (to anyone save the questioner). So we write one set of answers designed to be the last word on the subject, and say no more.
- BlueCompute about 8 years
  
  I believe you can just run them all into one line, but your SPFs don't make sense anyway. Why would you want to include spf.mandrillapp.com with both soft-fail and neutral? And for your mulitple ipv4 addresses you again have one line with 'ip4:x.x.x.x ip4:y.y.y.y' etc. Go and review the canonical question and the SPF syntax.
- Oxi about 8 years
  
  i get it now, mandril gives me an error without SPF, so i need something for the namesake. so i will try ~all
- Chris over 7 years
  
  @MadHatter I disagree. If SO would only allow canonical questions, it wouldn't be the helpful place as it is today for us mortal soles. Just stop flagging questions as a duplicate when the OP has clearly put an effort trying to distinguish his question making it much more specific than some canonical parent.
- MadHatter over 7 years
  
  @Chris 1) this is SF, we're a bit different to SO; 2) souls; 3) the effort put in by the OP is not relevant unless (s)he has explicitly addressed the canonical question and shown how his/hers is different, which is not the case here; 4) in brief, no, I will continue to flag duplicates where I see them (and since generally several other high-rep users have to agree with me before a question is so closed, it's not just me you have a beef with). Take this to meta if you want to continue the discussion; this is not the place for it.
- Aaron over 7 years
  
  I'm with you @Chris. The canonical answer does not do it for me. This is my exact question and issue and it is not addressed in canonical. "other high-rep users agree" is not relevant to me.
Sire over 4 years

ptr is not recommended and can be removed: serverfault.com/questions/655919/…