How to specify multiple included domains in SPF record?
Our business email is hosted on Google apps. In addition, our web server may also send email. Currently our SPF record in DNS looks like this:
domain.com. IN TXT "v=spf1 a include:_spf.google.com -all"
This is all fine, however now we've outsourced our email list management to another company and we need to include a second domain with include. So, I'm looking for something like:
domain.com. IN TXT "v=spf1 a include:_spf.google.com include:otherdomain.com -all"
What is the correct syntax for this? Many thanks!
All SPF mechanisms, including include, can be used multiple times, separated by spaces:
"v=spf1 include:_spf.google.com include:otherdomain.com -all"
Evaluation of include works this way:
-
If the included data returned PASS, then the
includeitself generates a result (for example,include:foo.bargenerates a PASS, but-include:foo.bargenerates a FAIL). -
If the included data returned FAIL or NEUTRAL, then the
includedoes not contribute to the result at all, and processing goes to your next mechanism.
See SPF record syntax and RFC 7208.
(Note that redirect= is not a mechanism but a global modifier, and cannot be repeated this way.)
This is the correct syntax you requested
domain.com: IN TXT "v=spf1 include:_spf.google.com include:otherdomain.com -all"
Just use the include mechanism to add each service in your SPF record:
v=spf1 a include:_spf.google.com include:otherdomain.com -all
Make sure you don't create multiple SPF records on one domain. If you do, SPF will return PermError.
Also note that you don't exceed the 10 DNS lookup limit of SPF, otherwise SPF will return PermError too.