10 Most Common Errors in SPF Records

In our analysis of the SPF records of the top 1 million websites, we uncovered over 20,000 domains with invalid SPF setups. In this blog post, we not only reveal the ten most common types of errors we encountered but also offer advice on how to avoid these issues, along with practical tips for fixing them.

According to RFC 7208, the document that specifies SPF, “multiple SPF records are not permitted for the same owner name,” and an email server is supposed to produce a permerror result in cases where more than one record is found. Despite this, we identified nearly 13,000 domains among the top 1 million most-visited websites with two or more SPF records. One domain, i-scream.co.kr, even had a total of 17 SPF records. An example of a quite popular domain with two SPF records is howstuffworks.com:

Clearly, the administrators of howstuffworks.com intended to authorize Gmail (google.com) and Mailchimp (mcsv.net) to send emails on behalf of the domain. However, instead of adding two separate SPF records, they should have merged them into a single record, such as v=spf1 include:_spf.google.com include:servers.mcsv.net ~all.

Leave a Comment