Can I Have Two SPF Records? (No, and Here's Why)

Multiple SPF records cause authentication failures. Learn why, how to check for duplicates, and how to merge them correctly.

Published November 20, 2025
spf dns troubleshooting email-authentication

No, you cannot have two SPF records on the same domain. The SPF specification requires exactly one SPF record per domain. If you have multiple records, mail servers return a permerror and SPF authentication fails completely.

This is one of the most common SPF mistakes, usually caused by adding a new service without checking what already exists.

Why Multiple SPF Records Break Authentication

When a mail server looks up your SPF record, it queries your DNS for TXT records starting with v=spf1. If it finds more than one, the specification says it must return permerror—it can’t guess which record you meant.

# Two SPF records = permerror
yourdomain.com TXT "v=spf1 include:_spf.google.com -all"
yourdomain.com TXT "v=spf1 include:sendgrid.net -all"

The server doesn’t try to merge them. It doesn’t pick one. It fails.

How This Happens

Scenario 1: Adding a New Service

You already have SPF for Google Workspace:

v=spf1 include:_spf.google.com -all

You sign up for Mailchimp. Their setup guide says “add this SPF record”:

v=spf1 include:servers.mcsv.net -all

If you add this as a new record instead of modifying the existing one, you now have two SPF records.

Scenario 2: Multiple People Managing DNS

Marketing adds an SPF record for their email tool. IT adds one for the corporate email. Neither checks what the other did.

Scenario 3: DNS Provider Defaults

Some DNS providers or hosting platforms automatically add an SPF record. When you add your own, you end up with duplicates.

How to Check for Multiple SPF Records

Command Line

dig +short txt yourdomain.com | grep -i "v=spf1"

If you see multiple lines starting with v=spf1, you have a problem.
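The same check in script form, as an added example that is not part of the original post: it parses `dig +short txt` output, joins records that DNS split into several quoted strings, and reports whether a receiver would find no SPF record, exactly one, or the permerror case. The sample output, the verification token and the labels `none`/`one`/`permerror` are constructed for illustration.

```python
import re

# One quoted character-string as printed by `dig +short txt`.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Constructed sample: a non-SPF TXT record that happens to contain "spf",
# plus two SPF records, one of them split into two strings.
SAMPLE = "\n".join([
    '"google-site-verification=CONSTRUCTED-spf-token"',
    '"v=spf1 include:_spf.google.com -all"',
    '"v=spf1 include:sendgrid.net" " -all"',
])

def txt_records(dig_short_output):
    """Return one string per TXT record found in the dig output."""
    records = []
    for line in dig_short_output.splitlines():
        parts = QUOTED.findall(line)
        if parts:
            # Strings within one record are concatenated with no separator.
            records.append("".join(parts))
    return records

def is_spf(record):
    """True only when the record is 'v=spf1' alone or 'v=spf1' plus a space."""
    head = record[:7].lower()
    return head in ("v=spf1", "v=spf1 ")

def spf_lookup_result(dig_short_output):
    """Return (status, spf_records); status is 'none', 'one' or 'permerror'."""
    found = [r for r in txt_records(dig_short_output) if is_spf(r)]
    if not found:
        return "none", found
    return ("one" if len(found) == 1 else "permerror"), found

if __name__ == "__main__":
    print(spf_lookup_result(SAMPLE))
```

A plain `grep spf` would also match the verification record in the sample; matching on the version tag counts only real SPF records.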

Online Tools

Any SPF checker will flag multiple records as an error.

DNS Provider Dashboard

Look at your TXT records and count how many start with v=spf1. There should be exactly one.

How to Merge SPF Records

Take all the mechanisms from both records and combine them into one.

Before (Two Records)

v=spf1 include:_spf.google.com -all
v=spf1 include:sendgrid.net include:servers.mcsv.net -all

After (One Merged Record)

v=spf1 include:_spf.google.com include:sendgrid.net include:servers.mcsv.net -all

Merge Rules

  1. Keep only one v=spf1 at the beginning
  2. Combine all include:, ip4:, ip6:, a:, mx: mechanisms
  3. Remove duplicates (same include appearing twice)
  4. Keep only one all mechanism at the end (use the stricter one: -all over ~all)
  5. Watch the 10 DNS lookup limit

Step-by-Step Fix

Step 1: List All Current SPF Records

dig txt yourdomain.com

Copy the full content of each SPF record.

Step 2: Extract All Mechanisms

From each record, pull out:

  • All include: statements
  • All ip4: and ip6: addresses
  • Any a: or mx: mechanisms

Step 3: Combine Into One Record

v=spf1 [all mechanisms from step 2] -all

Step 4: Check the Lookup Count

Count DNS-querying mechanisms. If over 10, you need to optimize. See SPF 10 DNS Lookup Limit.

Step 5: Delete Old Records, Add New One

Remove all existing SPF records, then add your single merged record.

Important: Do this as close to simultaneously as possible. A gap where you have no SPF record also causes issues.

Step 6: Verify

Wait for DNS propagation (usually minutes, sometimes hours), then check:

dig +short txt yourdomain.com | grep -i "v=spf1"

You should see exactly one record.
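The Merge Rules and steps 2 to 4 above, as an added example that is not part of the original post: `merge_spf` combines several SPF record strings into one and `direct_lookup_terms` counts the terms in a record that trigger a DNS query. The function names and the extra test values are assumptions made here; the first input is the "Before" pair from this page.

```python
import re

# Terms that trigger a DNS query and count toward SPF's limit of 10 lookups.
LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr", "redirect"}
# Qualifiers for the final `all`, strictest first ('+' is the implicit default).
STRICTNESS = "-~?+"

# The "Before (Two Records)" pair from this page.
PAGE_RECORDS = [
    "v=spf1 include:_spf.google.com -all",
    "v=spf1 include:sendgrid.net include:servers.mcsv.net -all",
]

def merge_spf(records):
    """Merge several SPF record strings into a single record."""
    terms, seen, all_qualifiers = [], set(), []
    for record in records:
        tokens = record.split()
        if not tokens or tokens[0].lower() != "v=spf1":
            raise ValueError(f"not an SPF record: {record!r}")
        for tok in tokens[1:]:                    # rule 1: drop each v=spf1
            if tok.lstrip("+-~?").lower() == "all":
                all_qualifiers.append(tok[0] if tok[0] in STRICTNESS else "+")
            elif tok.lower() not in seen:         # rule 3: drop duplicates
                seen.add(tok.lower())
                terms.append(tok)                 # rule 2: keep first-seen order
    merged = ["v=spf1", *terms]
    if all_qualifiers:                            # rule 4: one `all`, strictest wins
        merged.append(min(all_qualifiers, key=STRICTNESS.index) + "all")
    return " ".join(merged)

def direct_lookup_terms(record):
    """Count lookup-costing terms written in this record (rule 5).

    Included records add their own lookups, so the real total can be higher
    and can only be known by resolving each include.
    """
    count = 0
    for tok in record.split()[1:]:
        name = re.split(r"[:/=]", tok.lstrip("+-~?").lower(), maxsplit=1)[0]
        count += name in LOOKUP_TERMS
    return count

if __name__ == "__main__":
    merged = merge_spf(PAGE_RECORDS)
    print(merged, direct_lookup_terms(merged))
```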

Special Cases

Subdomains

Each subdomain can have its own SPF record. This is fine:

# Main domain
yourdomain.com TXT "v=spf1 include:_spf.google.com -all"

# Subdomain (separate record is OK)
mail.yourdomain.com TXT "v=spf1 include:sendgrid.net -all"

The one-record rule applies to each name separately, so a domain and each of its subdomains can hold one SPF record each.

Third-Party Services on Subdomains

Some services (especially marketing tools) want to send from a subdomain like em.yourdomain.com. They might provide their own SPF record for that subdomain. This is fine—it doesn’t conflict with your main domain’s SPF.

Preventing Future Duplicates

  1. Document your SPF record — Keep a record of what’s in it and why
  2. Check before adding — Always look at existing DNS before adding new records
  3. Centralize DNS management — One person or team responsible for DNS changes
  4. Use Verkh — We alert you if multiple SPF records appear

What If a Service Insists on Their Own Record?

Some service setup guides say “add this SPF record” without mentioning you might already have one. They’re giving you the mechanism to add, not telling you to create a duplicate.

If their guide says:

Add this SPF record: v=spf1 include:theirservice.com -all

What they mean is: add include:theirservice.com to your existing SPF record.

# Your existing record
v=spf1 include:_spf.google.com -all

# After adding their include
v=spf1 include:_spf.google.com include:theirservice.com -all

The Bottom Line

  • One SPF record per domain—no exceptions
  • Multiple records cause permerror and complete SPF failure
  • Merge records by combining mechanisms into one
  • Check before adding new services
  • Subdomains can have their own separate records

For complete SPF troubleshooting, see our SPF Troubleshooting Guide.


Verkh monitors your DNS and alerts you immediately if duplicate SPF records appear. Catch configuration errors before they break authentication at verkh.io.
