Configuring SPF records for multiple email sending services requires identifying all services sending emails on behalf of your domain and creating an SPF record that includes all authorized sending sources. The SPF record applies to the 'envelope from' address, found in the 'Return-Path:' of email headers. Use the 'include:' mechanism to incorporate SPF policies of each service, paying attention to service-specific instructions (e.g., Google Workspace, Amazon SES, Office 365). It's crucial to avoid exceeding the 10 DNS lookup limit, and consider flattening the record if necessary. Regularly test the SPF record using online tools and monitor authentication reports. Best practices also include avoiding multiple SPF records, keeping the record updated, and understanding the implications of '-all' versus '~all'.
10 marketer opinions
When configuring SPF records for multiple email sending services, it's crucial to include all authorized sending sources in your SPF record using the 'include:' mechanism for each service. You should also identify all email sending services (ESPs) and their respective SPF includes. To avoid deliverability issues, do not exceed the 10 DNS lookup limit. It's recommended to test your SPF record using online tools to ensure validity and proper configuration. Regularly update and monitor your SPF record to reflect changes in your sending infrastructure and avoid common mistakes such as using multiple SPF records.
Marketer view
Email marketer from Email Geeks shares that the SPF record lists what sources are permitted to set the domain in the 5321.From (a.k.a. return-path, envelope From, MAIL FROM, bounce) address. Include your domain only if the IP address that the domain resolves to sends email that sets the 5321.From.
29 Jun 2023 - Email Geeks
Marketer view
Email marketer from StackOverflow shares that your SPF record should include all authorized sending sources. This is achieved using the `include:` mechanism for each service. For example: `v=spf1 include:sendgrid.net include:_spf.google.com ~all`. Test your SPF record using online tools to ensure it's valid.
26 Mar 2025 - StackOverflow
5 expert opinions
When setting up SPF records for multiple email sending services, it's essential to identify all services sending on behalf of your domain and document them. SPF records apply to the 'envelope from' address, not the address displayed in the email client. To determine the correct domain for the SPF record, check the 'Return-Path:' line in the email headers. Each service may require a specific SPF 'include' record, especially if using custom bounce domains. Ensure that your SPF record includes all authorized sending sources using the 'include:' mechanism. Also, avoid exceeding the 10 DNS lookup limit to prevent SPF failures. After creating the record, test it, and monitor authentication reports to validate its effectiveness and regularly review and update to ensure you have accurate SPF records.
Expert view
Expert from Spamresource.com explains the critical steps for configuring SPF records when using multiple email senders. First, identify all authorized sending sources. Second, use the `include:` mechanism to incorporate the SPF policies of third-party senders. And third, limit the number of DNS lookups. Avoid exceeding the 10 DNS lookup limit to prevent SPF failures. Regularly review and update the SPF record to reflect changes in your sending infrastructure.
26 Jul 2021 - Spamresource.com
Expert view
Expert from Email Geeks explains that SPF records apply to the address in your envelope from address, NOT the address that shows up in the mail client.
14 Feb 2023 - Email Geeks
4 technical articles
When setting up an SPF record for multiple email sending services, it's essential to include the appropriate SPF records for each service you use. For Google Workspace, include `v=spf1 include:_spf.google.com ~all`. For Amazon SES, include `include:amazonses.com` (or regional endpoints/custom MAIL FROM domain SPF). For Office 365, use `v=spf1 include:spf.protection.outlook.com -all`. SPF records use specific syntax, with 'include:' designating other domains' authorization policies and 'all' dictating how to handle unmatched addresses (using '-all' for hard fail, '~all' for soft fail). These SPF records should be added as TXT records to your domain's DNS settings.
Technical article
Documentation from Amazon Web Services shares that if you're using Amazon SES, you should include Amazon's SES servers in your SPF record. Depending on the region, you may need to include specific regional endpoints. If you're using a custom MAIL FROM domain, ensure the SPF record is published for that domain. Otherwise, the standard Amazon SES include should suffice: `include:amazonses.com`.
26 May 2021 - Amazon Web Services
Technical article
Documentation from Microsoft says if you're sending email through Office 365, you need to include Office 365's SPF record. The recommended SPF record is `v=spf1 include:spf.protection.outlook.com -all`. Also ensure that this record is set up as a TXT record in your domains DNS settings.
16 Dec 2024 - Microsoft
How do I set up DKIM on G Suite for outgoing mail, especially when using multiple email services?
How do I set up SPF and DKIM records for new subdomains when using third-party email services?
How can I optimize my SPF record to stay within the lookup limit when using multiple email sending services?
Do I need multiple DKIM records if I use multiple ESPs like HubSpot, Sendgrid and ActiveCampaign?
Can I use the same sending domain with multiple ESPs?
How do I configure DNS records to send emails from two different ESPs using the same subdomain?
How do SPF records and DKIM keys work with multiple email services like Klaviyo and Shopify?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
© 2025 Suped Pty Ltd