3

I have 3 SPF records:

"v=spf1 include:spf.protection.outlook.com -all"
"v=spf1 a ptr include:authsmtp.com ?all"
"v=spf1 a mx include:spf.mtasv.net ~all"

How can I merge them all together into one txt record?

artnikbrothers
  • 305
  • 3
  • 17

1 Answers1

8

The merged record would look like this:

v=spf1 a mx ptr include:spf.protection.outlook.com include:authsmtp.com include:spf.mtasv.net -all

You'll have to decide which of the all mechanisms you want to use, since you can only have one in a SPF record. I have included the -all since it's the most restrictive, and is the one that should be used, unless there is a risk of valid mails being sent from a server not listed in the SPF record.

You should also consider removing the ptr mechanism, since it's discouraged to use this mechanism, since it can put a load on the receiving mail-server.

The merged record is also in risk of hitting the DNS lookup limit for SPF of 10 DNS lookups. Since the two first includes currently will result in 2 additional DNS lookups each, the total number of DNS lookups (if the ptr is still present) will be 10, which is the limit. So if one of the included records later add an additional include the evaluation of your SPF record may result in a "permerror".

Lars Lind Nilsson
  • 1,136
  • 6
  • 14
  • Good answer. One note: `-all` is the best option to use *if you're not using DMARC*. If you are, use `~all`. `?all` is pointless - it's the same as not having an SPF record! – Synchro Jan 15 '17 at 13:15