SPF When Using Multiple Email Providers

Learn how to configure one SPF record for multiple sending services, avoid duplicate SPF records, and stay within SPF’s DNS lookup limit.

By CheckDomainHealth Editorial Team Reviewed by Dionis Ceban Updated Jun 28, 2026 7 min read Beginner

Introduction

Many domains send email through more than one provider. For example, a business may use Google Workspace or Microsoft 365 for normal mail, a website server for contact forms, a CRM for sales emails, and a transactional email service for invoices or notifications.

SPF can support multiple providers, but they must be combined correctly. The most common mistake is adding a separate SPF record for each provider. A domain should normally have one SPF record that includes all legitimate sending sources.

Quick answer

Quick answer

When using multiple email providers, publish one SPF TXT record that includes all legitimate sending services. Do not create separate SPF records for each provider. Combine provider includes and sending IPs carefully, remove old providers, and check the 10 DNS lookup limit.

Multiple email providers

Yes. One domain can send email through multiple services, but SPF must authorize those services in one combined SPF record.

Example
v=spf1 include:_spf.google.com include:mailservice.example ip4:192.0.2.10 ~all

This example allows one provider include, another provider include, and one fixed sending IP.

This is only an example. Your SPF record must match your real sending services.

One SPF record

SPF does not work as “one record per provider.” If you use several senders, they should be merged into one SPF TXT record.

Bad example
v=spf1 include:_spf.google.com ~all
v=spf1 include:mailservice.example ~all
Good example
v=spf1 include:_spf.google.com include:mailservice.example ~all

Multiple SPF records can cause SPF validation to fail, even if each individual record looks correct.

Common provider setups

Mailbox provider

Google Workspace, Microsoft 365, Zoho or hosting email for normal business mail.

Website forms

WordPress, CMS, hosting server or SMTP plugin sending contact form messages.

CRM or sales platform

Sales tools sending messages on behalf of the domain.

Marketing platform

Newsletter or campaign tools sending bulk or scheduled mail.

Transactional email

Invoices, password resets, account notifications or app alerts.

Support/helpdesk

Ticketing platforms sending replies from the domain.

Every service that sends mail using your domain may need SPF, DKIM or both.

Building combined SPF

  1. 1. List every sending service

    Include mailbox provider, website forms, CRM, marketing platform, transactional email, helpdesk and hosting server.

  2. 2. Get official SPF values

    Use each provider’s documentation or dashboard. Do not guess include values.

  3. 3. Remove unused providers

    Delete services that no longer send mail for the domain.

  4. 4. Merge into one record

    Combine all required includes and IPs into one SPF TXT record.

  5. 5. Check DNS lookup count

    Make sure the record does not exceed SPF’s 10 DNS lookup limit.

  6. 6. Validate and test

    Run SPF Checker and send test messages from each real provider.

Why this matters

Why this matters

This matters because multi-provider SPF records can become messy quickly. Duplicate SPF records can fail validation, old providers can increase risk, and too many includes can exceed SPF’s DNS lookup limit. A clean SPF record should authorize real senders without becoming too broad or too complex.

SPF should also be reviewed together with DKIM and DMARC, especially when multiple providers send mail for the same domain.

How to check it

Use SPF Checker to inspect your SPF record, included providers, fixed IPs, duplicate records and lookup count.

When checking multi-provider SPF, review

These six checks help keep multi-provider SPF clean and valid.

Only one SPF record

The domain should normally publish one SPF TXT record.

Provider includes

Each include should match a real active sending provider.

Fixed IPs

Any ip4 or ip6 values should belong to real sending infrastructure.

Lookup count

Includes and other mechanisms should stay within the 10 DNS lookup limit.

Old services

Remove old CRMs, marketing tools or mail platforms that no longer send.

DKIM and DMARC

Check whether each provider also supports DKIM and aligns with DMARC.

Check multi-provider SPF

Use SPF Checker to review combined senders, duplicate records and lookup count.

Run SPF Check →

Common problems

Separate SPF record for each provider

High

Publishing multiple SPF records can cause SPF validation to fail.

Next step: Merge all providers into one SPF TXT record.

Too many provider includes

Medium

Several includes can push SPF over the 10 DNS lookup limit.

Next step: Remove unused services and simplify the record.

Old provider still authorized

Medium

A retired mail, CRM or marketing platform remains in SPF.

Next step: Remove old providers after confirming they no longer send mail.

Website server missing from SPF

Medium

Contact forms or server-generated emails may fail SPF if the hosting server sends directly.

Next step: Use SMTP through an authorized provider or add the correct sending IP if appropriate.

Marketing platform missing from SPF

High

Campaign or newsletter messages may fail SPF if the provider is not authorized.

Next step: Add the provider’s official SPF include if it sends using your domain.

SPF passes but DMARC fails

Medium

SPF may pass for a Return-Path domain that does not align with the visible From domain.

Next step: Configure DKIM and DMARC alignment for each provider.

Record becomes too broad

Medium

Adding a, mx or wide IP ranges can authorize more senders than intended.

Next step: Use specific provider includes or IPs whenever possible.

How to manage it

  1. Step 1: Create a sender inventory

    List every platform that sends email using the domain.

  2. Step 2: Separate active and old providers

    Mark which services are still used and which should be removed.

  3. Step 3: Collect official SPF values

    Use official provider instructions for SPF include or IP values.

  4. Step 4: Merge into one SPF record

    Combine all active senders into one TXT record beginning with v=spf1.

  5. Step 5: Avoid unnecessary mechanisms

    Do not add a, mx, wide IP ranges or old providers unless they are truly needed.

  6. Step 6: Check the lookup limit

    Run SPF Checker to confirm the record stays within the 10 DNS lookup limit.

  7. Step 7: Set a safe policy

    Use ~all while testing. Move to -all only after all legitimate senders are confirmed.

  8. Step 8: Review DKIM and DMARC

    Make sure each provider supports DKIM and aligns with your DMARC policy where possible.

SPF examples

Bad: duplicate SPF records
v=spf1 include:_spf.google.com ~all
v=spf1 include:mailservice.example ~all
Good: merged SPF record
v=spf1 include:_spf.google.com include:mailservice.example ~all
Mailbox plus website sending IP
v=spf1 include:spf.protection.outlook.com ip4:192.0.2.10 ~all
Mailbox plus transactional provider
v=spf1 include:_spf.google.com include:transactional.example ~all
Risky: too broad
v=spf1 include:_spf.google.com a mx +all

These are examples only. Use the exact SPF values from your active email providers and sending services.

SPF, DKIM and DMARC

SPF is only one part of authentication. When multiple providers send mail for your domain, each provider should also be reviewed for DKIM and DMARC alignment.

  • Does each provider support DKIM?
  • Is DKIM enabled for the domain?
  • Does the visible From domain align with SPF or DKIM?
  • Does DMARC policy match your enforcement goals?
  • Are reports showing unknown senders?

In many multi-provider setups, DKIM alignment is more reliable than SPF alignment because SPF depends on the envelope sender / Return-Path domain.

Using subdomains

If many services send mail, it may be cleaner to separate some sending streams onto subdomains.

  • news.example.com for newsletters
  • billing.example.com for invoices
  • alerts.example.com for application notifications

Benefits: cleaner authentication, easier DMARC reporting, better separation of reputation, simpler troubleshooting.

Subdomains still need their own SPF, DKIM and DMARC planning.

Frequently asked questions

Can one domain use multiple email providers?

Yes. One domain can send through multiple providers, but SPF should combine them into one TXT record.

Can I add one SPF record for each provider?

No. A domain should normally have only one SPF record. Multiple SPF records can fail validation.

What if I use Google Workspace and a marketing platform?

Create one SPF record that includes both active sending providers, then check lookup count.

What if SPF exceeds the 10 DNS lookup limit?

Remove unused providers, avoid unnecessary a/mx mechanisms, consolidate senders or review provider recommendations.

Should website contact forms be included in SPF?

Only if they send directly using the domain. A better setup is often to send forms through an authenticated SMTP provider.

Do I need DKIM for every provider?

Ideally yes. Each provider that sends mail for your domain should support DKIM and align with DMARC where possible.

Use these free tools to verify your configuration after applying changes.

Browse all Email Authentication guides →

Need help applying this fix?

Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.

Get Help Run Domain Health Check

Was this guide helpful?

Your feedback helps us improve our guides for everyone.