Multiple SPF records may cause delivery and spam classification issues Route53 and G-Suite

Question

Using G-suite email and DNS configuration for MX records in Route53, I'm blocked on how I can solve this error:

Multiple SPF records may cause delivery and spam classification issues. v=spf1 include:_spf.google.com ~all v=spf1 include:transmail.net ~all

Route53 only allow a single TXT record for SPF information. Route53 does allow you to use new lines for additional SFP information.

However, when running the G-Suite check, I get the error quoted above and some clients are seeing our emails as SPAM.

Is there a solution to this?

Answer 1

A domain MUST NOT have multiple SPF records, SPF fails with PermError otherwise.

An SPF record is a TXT record in the DNS starting exactly with "v=spf1", followed by an array of mechanisms and/or modifiers.

An SPF check starts by fetching all TXT records starting exactly with "v=spf1" on a domain:

• if no such record is found, it returns None;

• if multiple such records are found, it returns PermError.

If you have multiple services to add to SPF, you would need to combine them like mti2935.

Learn more here: https://dmarcly.com/blog/can-i-have-multiple-spf-records-on-my-domain

Answer 2

The only way I was able to fix this was to proxy the DNS records in Cloudflare which allows an SPF record per line.

Answer 3

You should have one SPF record for your domain, but you can have multiple include directives in the SPF record. You might want to try something like this:

v=spf1 include:_spf.google.com include:transmail.net ~all