A domain should normally publish one SPF policy at the domain root. If DNS has two or more TXT records that start with v=spf1, receivers may treat SPF as broken instead of choosing the one you meant.
Check your public SPF record
Run a public DNS scan first, then use this guide to plan a careful SPF consolidation.
01$0Free scan
Check the public sender-auth records mailbox providers expect.
02$0Shareable action plan
Keep one URL with evidence, owner steps, and decisions.
03$49$49 fix plan
Add human review, provider context, and verification steps.
Optional. Most first scans can run with just the domain.
Checks Gmail, Yahoo, and Microsoft sender requirementsPublic DNS onlyNo mailbox login needed
Example result72/100Needs attention
Review DMARC policy strength before a high-volume send.
Public DNS evidence
DMARC/SPF/DKIM status and caveats are visible before you pay.
Owner-ready next step
The audit adds provider context and a verification checklist.
Get the exact fix plan for your domain.$49 readiness audit: prioritized owner actions, DNS evidence, and verification checks.
SPF is published as a DNS TXT record. RFC 7208 says a domain must not have multiple records that cause an SPF check to select more than one record. In practice, this often happens after a business adds a new mail app, CRM, payroll tool, newsletter sender, or support desk without merging it into the existing SPF policy.
The symptom is easy to miss because each individual TXT value may look valid. The problem is the duplicate SPF policy at the same host, not necessarily one bad include.
Safe consolidation process
Find every TXT record at the root domain that begins with v=spf1.
List the active senders represented by each include, ip4, ip6, a, or mx term.
Remove obsolete services only after the business owner or platform admin confirms they no longer send mail for the domain.
Create one SPF record that contains the remaining authorized senders and one ending mechanism such as ~all or -all.
Publish the single record, then rescan after DNS propagation.
Example shape
If one record authorizes Google Workspace and another authorizes a newsletter tool, the fix is usually one combined policy. The exact value depends on your actual providers, so treat this as structure only:
Do not copy a sample into DNS until you confirm the include names with each vendor. A typo or missing sender can cause real messages to fail SPF.
What to review after the fix
Google, Yahoo, and Microsoft all discuss SPF as part of broader sender authentication expectations. After duplicate SPF records are resolved, check DKIM, DMARC alignment, valid DNS, complaint-rate guidance, unsubscribe behavior for marketing mail, and the real headers from important sending platforms.
Multiple SPF records FAQ
Can I publish two SPF records for the same domain?
No. SPF version 1 expects one selected SPF policy for the domain. Multiple SPF TXT records can make SPF evaluation return a permanent error, so the practical fix is to merge authorized senders into one record.
Should I delete one SPF record immediately?
Not before you understand what each record authorizes. Inventory the senders in both records, confirm which services are still active, then publish one consolidated record with your DNS owner.
Does fixing duplicate SPF records make inbox placement certain?
No. It removes one public authentication problem. Mailbox providers can still evaluate DKIM, DMARC alignment, reputation, complaints, content, subscription practices, and volume patterns.
Want the SPF finding organized into a report?
SenderReady readiness audits save the scan and summarize public DNS next steps for review with your DNS owner or mail administrator. They are diagnostics, not predictions of inbox placement.