When authenticating your domain, you will have to add an SPF record in your domain's DNS settings. An SPF record indicates which IP addresses and/or hostnames have been authorized to send emails from your domain.
You may have to include several SPF values in the DNS zone of your domain if you send emails through several services.
It is only possible to have one SPF record in the DNS zone of your domain. Having more than one SPF record will make the authentication impossible, and some hosting providers won’t even allow you to have more than one.
If you need to include more than one SPF record in your DNS zone, then you should merge them into a single record by including all the values or mechanisms in the same record.
Let’s assume your domain is already authenticated through Outlook, so you have the SPF record
v=spf1 a include:spf.protection.outlook.com -all.
Now, you want to authenticate your domain with MailerLite, so you have to add the second SPF record
v=spf1 a mx include:_spf.mlsend.com ~all to your DNS page.
Let’s look at the different parts or mechanisms of an SPF record to better understand how it works.
The “v” prefix
The first part of an SPF record starts with
v=spf1, which simply identifies the record as the first version of SPF. This is the only version that exists at the moment. Since you can add several TXT records, this basically tells the DNS of the domain to treat this record as SPF.
The “a” mechanism
Both records also contain the
a mechanism afterward, which basically indicates the address of your domain in an IP number. The sending IP must match the A record of the From domain to be authenticated.
The “mx” mechanism
Only the one from MailerLite includes the
mx mechanism, which indicates which email servers should be used when emails are being relayed. The sending IP must match the MX record of the From domain to be authenticated.
The “include” mechanism
The middle part of an SPF record begins with
include, which basically tells the DNS to include this particular domain in the SPF setup of your domain. It allows emails to be authenticated through the same IPs allowed in the included domain.
The “all” mechanism
The last part of an SPF record, the
all mechanism defines how an email should be treated. It should always be at the end of the record, and it is required to be a valid SPF record.
This mechanism will include one of the following qualifiers:
+all- it's the default prefix, so it can be omitted
?all- adding this rule creates the impression that there is no SPF, so it’s not recommended
-all- it will be rejected and not sent and if the email doesn’t comply with the set rules
~all- it will be sent but tagged as SOFTFAIL if the email doesn’t comply with the set rules
To merge the SPF values, simply include all the parts into one single record, without repeating any mechanisms.
This means that if both records have an
a, it should only be included once at the beginning in the default record. If only one of the records includes an
mx, it should also be included in the first part.
However, please note that the last part has to be either
~all. It’s not possible to have more than one, so it is ultimately your choice which declaration of
all your domains will use.
The merged SPF record would look like this:
v=spf1 a mx include:_spf.mlsend.com include:spf.protection.outlook.com -all.