SPF When Using Multiple Email Providers
Learn how to configure one SPF record for multiple sending services, avoid duplicate SPF records, and stay within SPF’s DNS lookup limit.
Introduction
Many domains send email through more than one provider. For example, a business may use Google Workspace or Microsoft 365 for normal mail, a website server for contact forms, a CRM for sales emails, and a transactional email service for invoices or notifications.
SPF can support multiple providers, but they must be combined correctly. The most common mistake is adding a separate SPF record for each provider. A domain should normally have one SPF record that includes all legitimate sending sources.
Quick answer
When using multiple email providers, publish one SPF TXT record that includes all legitimate sending services. Do not create separate SPF records for each provider. Combine provider includes and sending IPs carefully, remove old providers, and check the 10 DNS lookup limit.
Multiple email providers
Yes. One domain can send email through multiple services, but SPF must authorize those services in one combined SPF record.
v=spf1 include:_spf.google.com include:mailservice.example ip4:192.0.2.10 ~all
This example allows one provider include, another provider include, and one fixed sending IP.
This is only an example. Your SPF record must match your real sending services.
One SPF record
SPF does not work as “one record per provider.” If you use several senders, they should be merged into one SPF TXT record.
v=spf1 include:_spf.google.com ~all
v=spf1 include:mailservice.example ~all
v=spf1 include:_spf.google.com include:mailservice.example ~all
Multiple SPF records can cause SPF validation to fail, even if each individual record looks correct.
Common provider setups
Mailbox provider
Google Workspace, Microsoft 365, Zoho or hosting email for normal business mail.
Website forms
WordPress, CMS, hosting server or SMTP plugin sending contact form messages.
CRM or sales platform
Sales tools sending messages on behalf of the domain.
Marketing platform
Newsletter or campaign tools sending bulk or scheduled mail.
Transactional email
Invoices, password resets, account notifications or app alerts.
Support/helpdesk
Ticketing platforms sending replies from the domain.
Every service that sends mail using your domain may need SPF, DKIM or both.
Building combined SPF
-
1. List every sending service
Include mailbox provider, website forms, CRM, marketing platform, transactional email, helpdesk and hosting server.
-
2. Get official SPF values
Use each provider’s documentation or dashboard. Do not guess include values.
-
3. Remove unused providers
Delete services that no longer send mail for the domain.
-
4. Merge into one record
Combine all required includes and IPs into one SPF TXT record.
-
5. Check DNS lookup count
Make sure the record does not exceed SPF’s 10 DNS lookup limit.
-
6. Validate and test
Run SPF Checker and send test messages from each real provider.
Why this matters
This matters because multi-provider SPF records can become messy quickly. Duplicate SPF records can fail validation, old providers can increase risk, and too many includes can exceed SPF’s DNS lookup limit. A clean SPF record should authorize real senders without becoming too broad or too complex.
SPF should also be reviewed together with DKIM and DMARC, especially when multiple providers send mail for the same domain.
How to check it
Use SPF Checker to inspect your SPF record, included providers, fixed IPs, duplicate records and lookup count.
When checking multi-provider SPF, review
These six checks help keep multi-provider SPF clean and valid.
Only one SPF record
The domain should normally publish one SPF TXT record.
Provider includes
Each include should match a real active sending provider.
Fixed IPs
Any ip4 or ip6 values should belong to real sending infrastructure.
Lookup count
Includes and other mechanisms should stay within the 10 DNS lookup limit.
Old services
Remove old CRMs, marketing tools or mail platforms that no longer send.
DKIM and DMARC
Check whether each provider also supports DKIM and aligns with DMARC.
Check multi-provider SPF
Use SPF Checker to review combined senders, duplicate records and lookup count.
Common problems
Separate SPF record for each provider
HighPublishing multiple SPF records can cause SPF validation to fail.
Next step: Merge all providers into one SPF TXT record.
Too many provider includes
MediumSeveral includes can push SPF over the 10 DNS lookup limit.
Next step: Remove unused services and simplify the record.
Old provider still authorized
MediumA retired mail, CRM or marketing platform remains in SPF.
Next step: Remove old providers after confirming they no longer send mail.
Website server missing from SPF
MediumContact forms or server-generated emails may fail SPF if the hosting server sends directly.
Next step: Use SMTP through an authorized provider or add the correct sending IP if appropriate.
Marketing platform missing from SPF
HighCampaign or newsletter messages may fail SPF if the provider is not authorized.
Next step: Add the provider’s official SPF include if it sends using your domain.
SPF passes but DMARC fails
MediumSPF may pass for a Return-Path domain that does not align with the visible From domain.
Next step: Configure DKIM and DMARC alignment for each provider.
Record becomes too broad
MediumAdding a, mx or wide IP ranges can authorize more senders than intended.
Next step: Use specific provider includes or IPs whenever possible.
How to manage it
-
Step 1: Create a sender inventory
List every platform that sends email using the domain.
-
Step 2: Separate active and old providers
Mark which services are still used and which should be removed.
-
Step 3: Collect official SPF values
Use official provider instructions for SPF include or IP values.
-
Step 4: Merge into one SPF record
Combine all active senders into one TXT record beginning with v=spf1.
-
Step 5: Avoid unnecessary mechanisms
Do not add a, mx, wide IP ranges or old providers unless they are truly needed.
-
Step 6: Check the lookup limit
Run SPF Checker to confirm the record stays within the 10 DNS lookup limit.
-
Step 7: Set a safe policy
Use ~all while testing. Move to -all only after all legitimate senders are confirmed.
-
Step 8: Review DKIM and DMARC
Make sure each provider supports DKIM and aligns with your DMARC policy where possible.
SPF examples
v=spf1 include:_spf.google.com ~all
v=spf1 include:mailservice.example ~all
v=spf1 include:_spf.google.com include:mailservice.example ~all
v=spf1 include:spf.protection.outlook.com ip4:192.0.2.10 ~all
v=spf1 include:_spf.google.com include:transactional.example ~all
v=spf1 include:_spf.google.com a mx +all
These are examples only. Use the exact SPF values from your active email providers and sending services.
SPF, DKIM and DMARC
SPF is only one part of authentication. When multiple providers send mail for your domain, each provider should also be reviewed for DKIM and DMARC alignment.
- Does each provider support DKIM?
- Is DKIM enabled for the domain?
- Does the visible From domain align with SPF or DKIM?
- Does DMARC policy match your enforcement goals?
- Are reports showing unknown senders?
In many multi-provider setups, DKIM alignment is more reliable than SPF alignment because SPF depends on the envelope sender / Return-Path domain.
Using subdomains
If many services send mail, it may be cleaner to separate some sending streams onto subdomains.
- news.example.com for newsletters
- billing.example.com for invoices
- alerts.example.com for application notifications
Benefits: cleaner authentication, easier DMARC reporting, better separation of reputation, simpler troubleshooting.
Subdomains still need their own SPF, DKIM and DMARC planning.
Frequently asked questions
Can one domain use multiple email providers?
Yes. One domain can send through multiple providers, but SPF should combine them into one TXT record.
Can I add one SPF record for each provider?
No. A domain should normally have only one SPF record. Multiple SPF records can fail validation.
What if I use Google Workspace and a marketing platform?
Create one SPF record that includes both active sending providers, then check lookup count.
What if SPF exceeds the 10 DNS lookup limit?
Remove unused providers, avoid unnecessary a/mx mechanisms, consolidate senders or review provider recommendations.
Should website contact forms be included in SPF?
Only if they send directly using the domain. A better setup is often to send forms through an authenticated SMTP provider.
Do I need DKIM for every provider?
Ideally yes. Each provider that sends mail for your domain should support DKIM and align with DMARC where possible.
Related tools
Use these free tools to verify your configuration after applying changes.
Related guides
Browse all Email Authentication guides →Need help applying this fix?
Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.
Was this guide helpful?
Your feedback helps us improve our guides for everyone.
Thanks for your feedback!