Multiple SPF Records Found

One-Minute Fix

Keep only one SPF TXT record for the domain and merge all legitimate sending services into that single SPF policy.

v=spf1 include:_spf.google.com include:sendgrid.net ~all

That is the core rule: one domain, one SPF record. If several services send email for your domain, they must all be combined into one final SPF record rather than being published as separate TXT entries.

Wrong vs correct setup

v=spf1 include:_spf.google.com ~all
  v=spf1 include:sendgrid.net ~all

v=spf1 include:_spf.google.com include:sendgrid.net ~all

Why this happens

This problem usually appears when different tools each provide their own SPF instructions and those instructions are added directly in DNS without consolidation. For example, a domain may already have an SPF record for Google Workspace, then later a team adds SendGrid or Microsoft 365 and pastes a second v=spf1 record instead of merging the new include mechanism into the original one. SPF does not support multiple active policies for the same domain, even when each record looks valid on its own.

Why multiple SPF records are a problem

• Receiving servers return an SPF permerror instead of a clear pass, fail, or softfail result.
• Legitimate mail can lose SPF authentication even when your approved senders are correct.
• DMARC may also fail when SPF was supposed to provide an aligned authentication path.
• Inbox placement becomes less predictable because your authentication setup looks broken rather than intentional.

How this affects deliverability

From a deliverability perspective, multiple SPF records create ambiguity at the exact moment mailbox providers want clarity. Your domain may have legitimate sending services and good intent, but the receiver still sees a broken SPF policy. That weakens trust, especially for newer domains, lower-volume senders, and domains that already rely heavily on SPF for DMARC alignment. Even when mail is not rejected immediately, authentication instability can make troubleshooting much harder and contribute to spam-folder placement.

Common causes

• Google Workspace or Microsoft 365 was added after an older SPF record already existed.
• A marketing platform such as SendGrid or Mailchimp pasted its SPF instructions as a second SPF record.
• A DNS migration copied historical TXT records and accidentally preserved duplicate SPF entries.
• Different people updated DNS over time without consolidating everything into one final SPF policy.

What we checked

We looked for TXT records on the domain that begin with v=spf1. If more than one SPF policy is published for the same domain, SPF validation becomes invalid and receiving servers may return permerror instead of a usable result.

Live DNS lookup. No login. No saved domains. No tracking.

FAQ

Next steps

• List every service that legitimately sends email for your domain before editing SPF.
• Identify every TXT record on the domain that starts with v=spf1.
• Merge all valid sender mechanisms into one single SPF record.
• Remove the extra SPF TXT records so only one remains.
• Re-run the check after DNS propagation to confirm the duplicate-record problem is gone.
• Review the full troubleshooting guidance in the SPF Hub.
• Check signing and selector issues in the DKIM Hub.
• Review alignment and policy issues in the DMARC Hub.

Related fixes

• SPF permerror: too many DNS lookups
• SPF include flattening
• SPF record examples
• SPF record syntax explained

Explore more issues

• SPF record examples
• SPF record syntax explained
• How to build an SPF record
• No SPF record found
• SPF permerror: too many DNS lookups
• SPF include flattening
• SPF softfail explained
• SPF neutral result explained
• SPF record syntax error
• SPF missing all mechanism