SendGrid SPF Not Working? Fix SPF Include Errors (2026)

Learn the bigger picture in our Email Authentication Explained guide and compare SPF vs DKIM vs DMARC to understand how these protocols work together.

One-Minute Fix

Publish a single SPF TXT record for your sending domain that includes SendGrid and remove any duplicate SPF records. Start with your existing SPF policy and add include:sendgrid.net to it, then delete extra v=spf1 records so only one SPF policy remains.

example.com TXT "v=spf1 include:sendgrid.net -all"

This example authorizes only SendGrid to send mail for example.com and fails all other sources. In real deployments you will usually combine SendGrid with other providers in a single v=spf1 policy rather than publishing separate SPF records.

Wrong vs correct setup

example.com TXT "v=spf1 include:_spf.google.com -all"
example.com TXT "v=spf1 include:sendgrid.net -all"

example.com TXT "v=spf1 include:_spf.google.com include:sendgrid.net -all"

Why this happens

SendGrid’s SPF instructions require adding include:sendgrid.net to your existing policy, not publishing a second SPF TXT record. SPF only supports one policy per domain. Failures appear when the include mechanism is missing, added to a different hostname than the one you send from, or split into a second v=spf1 record that causes permerror.

Why this is a problem

When SPF fails for SendGrid traffic, some providers will treat your mail as suspicious or apply DMARC policies more aggressively. Transactional notifications, password resets, and marketing campaigns sent through SendGrid become more likely to land in spam or get throttled, even if the content and engagement are healthy.

How this affects deliverability

SPF is one of the baseline signals receivers use to decide whether infrastructure is authorized. If SendGrid is not correctly represented in SPF, your sending IPs look like unapproved sources for your domain. That weakens trust in your mail streams and can reduce inbox placement over time.

Common causes

• include:sendgrid.net was never added to the SPF record for the sending domain.
• Multiple SPF TXT records were published instead of a single merged policy.
• The SPF record was created on the wrong hostname (for example, www.example.com instead of example.com).
• The SPF syntax contains typos or misplaced mechanisms that break evaluation.
• Recent DNS changes, including the SendGrid include, have not finished propagating yet.

What we checked

We looked for a single SPF TXT record on your sending domain that begins with v=spf1 and inspected whether it contains include:sendgrid.net. If more than one SPF record exists or the include mechanism is missing from the active policy, SendGrid mail will not authenticate correctly.

Live DNS lookup. No login. No saved domains. No tracking.

FAQ

Next steps

• Identify the exact domain SendGrid uses in the MAIL FROM or Return-Path for your messages.
• Update the SPF TXT record for that domain to include include:sendgrid.net alongside any other legitimate senders.
• Remove any duplicate SPF TXT records so only one policy remains.
• Wait for DNS propagation and re-run SPF checks for messages sent through SendGrid.
• Confirm that DMARC now sees SPF as passing and aligned for SendGrid traffic.
• Review the full troubleshooting guidance in the SPF Hub.
• Check signing and selector issues in the DKIM Hub.
• Review alignment and policy issues in the DMARC Hub.

Related fixes

• SPF record syntax explained
• Multiple SPF records found
• SPF permerror: too many DNS lookups
• SPF record examples

Explore more issues

• SPF record examples
• SPF record syntax explained
• How to build an SPF record
• No SPF record found
• Multiple SPF records found
• SPF permerror: too many DNS lookups
• SPF include flattening
• SPF softfail explained
• SPF neutral result explained
• SPF record syntax error