How to Check and Update Your SPF Record
- Log into your domain’s DNS management tool: This is often provided by your domain registrar or hosting provider.
- Locate the SPF record: It should be listed among the DNS records for your domain.
- Review and edit: Use the guidelines below to ensure your SPF record is correct.
- Test the SPF record: Use online tools like MXToolbox to validate your SPF record.
By following these steps, you can identify and fix common issues that prevent SPF authentication, also known as SPF validation, ensuring your emails are properly authenticated and reducing the chances they will be marked as spam.
Common Reasons for SPF Errors
Multiple SPF Records
What it means: Your domain should only have one SPF record. If there are multiple, it causes confusion and the validation fails.
How to fix multiple SPF records:
- Check your domain’s DNS settings to ensure there is only one SPF record.
- If there are multiple, combine them into a single record.
SPF Validation Unavailable
What it means: There is no SPF record set up for your domain, so the validation cannot take place.
How to fix SPF Validation Unavailable:
- Verify if an SPF record for the email service you are using exists for your domain.
- If you use Google Workspace it does not cover your CRM etc, think about every service that sends an email on your behalf.
- If the service’s SPF is not present, create an SPF record and add it to your DNS settings.
Too Many DNS Lookups
What it means: SPF records can only include a maximum of ten DNS lookups. Exceeding this limit causes the check to fail.
How to fix Too Many DNS Lookups:
- Review your SPF record to ensure it does not contain records that are not needed.
- Simplify the SPF record to stay within the limit.
If you are still having Too Many DNS Lookups you will want to consider using subdomains to send emails.
Separating some email services to send from a subdomain can be helpful. This would mean having some of your emails send from a subdomain like [email protected] vs [email protected]. This is typical for promotional emails so that the reputation score is per subdomain vs the main email which is more personal and more important to have high deliverability.
If you are still having issues use Static or Dynamic flattening the SPF record.
I recommend Dynamic flattening because businesses are always changing and it just works. You can use Static SPF but using static SPF flattening means you need to stay on top of changes in your email infrastructure. If your sending IP addresses change, you will need to manually update the SPF record to ensure continued validation.
When you use Dynamic SPF flattening you do not need to worry about constantly updating your SPF record. It automatically adapts to changes, saving you time and reducing the risk of email delivery issues.
For Dynamic SPF Flattening Use Safe SPF
This is an affiliate link and I make a commission when you use their service but it is a service I recommend regardless if I am being paid or not.
Syntax Errors
What it means: The SPF record must follow a specific format, starting with “v=spf1” and ending with an “all” tag.
How to fix Syntax Errors in your SPF record:
- Check the SPF record for any formatting issues.
- Make sure it starts with “v=spf1” and ends with an appropriate “all” mechanism like “-all”, “~all”, or “?all”.
Using the PTR Mechanism
What it means: The PTR mechanism is outdated and should not be used in SPF records.
How to fix PTR Mechanism:
- Look through your SPF record for any “ptr” directives.
- Remove any references to “ptr”.
Unknown Parts
What it means: There might be elements in your SPF record that are not recognized by the SPF specification.
How to fix Unknown Parts:
- Validate your SPF record using an online SPF checker.
- Remove any parts that are not standard.
Invalid Macros
What it means: If macros are used in the SPF record, they must be valid and correctly formatted.
How to fix Invalid Macros:
- Review the SPF record for any macros (denoted by “%” symbols).
- Ensure all macros are correctly formatted.
No Record Termination
What it means: The SPF record must have a default fallback mechanism at the end, like an “all” mechanism or a “redirect”.
How to fix No Record Termination:
- Check that your SPF record ends with an “all” mechanism (e.g., “-all”) or a “redirect” directive.
- Add one if it’s missing.
Having More than One Fallback Scenario
What it means: There should only be one fallback scenario in the SPF record.
How to fix Having More than One Fallback Scenario:
- Ensure your SPF record has only one “all” mechanism or “redirect” modifier at the end.
- Remove any extra fallback scenarios.
DNS Type “SPF” Use
What it means: SPF records should be published as DNS TXT records, not as DNS “SPF” records.
How to fix DNS Type “SPF” Use:
- Verify that your SPF record is published as a TXT record.
- If it is published as an “SPF” type, change it to a TXT type.