What are common SPF errors

What are common SPF errors

SPF validation is one of the most important aspects of good delivery.

The Domain Verification Tutorial will show you how to add the records to your domain's DNS settings. One of the records you will be adding is what is called an SPF record. The actual record type is TXT but it widely used and referred to as SPF. As outlined in the tutorial, here are the steps you need to take to add the SPF record to your DNS:

Name: yourdomain (or @)

Value: v=spf1 a mx include:salespush.net ~all

If you already have an SPF entry then you need to edit your current one. For example, if your domain already has the record:

v=spf1 a mx include:_spf.google.com ~all

then you would just add: include:salespush.net

The final record would look like this:

v=spf1 a mx include:_spf.google.com include:salespush.net ~all

If your record does not validate - then it most likely means that either the record is failing to propagate or there is a configuration issue. Some very common SPF issues are listed below.

Multiple SPF Records

Each domain may have only one SPF entry. If your domain contains more than one entry, recipient servers will decline both - this will cause your emails to fail SPF. If there is more than one SPF entry in the domain's DNS, remove ones that are not in use and/or merge existing ones into a single record. When merging make sure that your entry starts with "v=spf1" and ends with "~all" parameter.

Too many DNS lookups

An individual SPF record is limited to 10 "include" lookups. This means your record cannot generate more than 10 references to other domains.

Every instance of parameters "include", "a", "mx", "ptr", "exists", "redirect" will generate one lookup. Additionally, if any domain that is referenced in an "include" contains another instance of those parameters it is also counted towards the 10 lookup limit.

If the SPF record exceeds 10 DNS lookups, the email will fail SPF.

Remove includes and references to domains are not in use anymore. Alternatively, subdomains can be used.  Creating a subdomain will allow an additional SPF record. However, if a subdomain is verified then the email will need to be sent from that subdomain.

Syntax error

Make sure the SPF record is properly constructed. Each SPF record must:

Start with “v=spf1”

End with “~all” , “-all” or “?all”

And does not have multiple “all” or “v=spf1” parts in the entry  (eg. v=spf1 a mx include:salespush.net ~all ~all )

Additional + in include

Some recipient servers are unable to pass SPF records when the "include" is prefixed with a "+" sign.  This is because the default parameter for the mechanism is a pass. The "+" also means pass, so it is redundant. Simply removing any "+" signs from the record will ensure it will pass will most recipient servers.


If your record is not validating, please double check your entry for typos. Examples:

"incldue" instead of "include"


the domain name, make sure you use "salespush.net" and not the easily mistaken "salespush.net"

Still not verifying?

Each change in your DNS zone needs some time to propagate through the internet. Usually, it takes anywhere from a few seconds to one hour. However, in rare cases, this period may take up to 48 hours. If your record is still not propagated after several hours you should contact your domain hosting support and ask them if the change to your DNS has been properly saved and propagated.

    • Related Articles

    • SPF, DKIM and Tracking CNAME Records FAQ

      If you've just landed here from your EmailPush account and want to find out more about setting up your domain, you've come to the right place. Setting up your sender domain will help your email reach the inbox. Now, we know for some it might seem a ...
    • Delivery Guide

      How to ensure the best delivery. Email deliverability is a broad topic. Trends change; but there are a few things to always consider which will help you with your campaigns. Whether you are just starting with email marketing or you are here to ...
    • How to manage your EmailPush account reputation and delivery

      Account reputation is designed to be a reflection of the quality of email being sent on the account. Improving an account's reputation will simultaneously improve an account's delivery and vice versa. How is my account reputation calculated? Each ...
    • What are the bounce error categories and filters?

      Learn about all statuses that can be generated by your bounced emails. If an email bounces, this means that there is likely a permanent or temporary reason the email could not be delivered. If not stated otherwise, the Sales-Push.com email system ...
    • How to warm up a Private IP

      When you add a new dedicated IP address to your account, you need to warm it up. You will need to warm up your brand new cold IP(s) over a period of 4- 6 weeks by gradually adding email volume to the new IP address(es). It is important to warm up ...