What happens if TXT records overlap (e.g., multiple SPF entries)?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

You set up SPF, handed it off to your IT person, then your ESP added another SPF record during onboarding. Now you've got two. Seems harmless, right? It's not. Multiple SPF records at the same domain will break your authentication entirely.

Here's how TXT record overlaps play out across each type:

Multiple SPF records are explicitly forbidden by the spec (RFC 7208). If a receiving server finds more than one v=spf1 record on your domain, it returns a permerror and treats authentication as failed. Not "maybe failed." Failed. Every email from your domain fails SPF validation until you fix it.

Multiple DMARC records follow a similar rule. There should be exactly one _dmarc.yourdomain.com TXT record. If there are two, most mail servers will simply discard your DMARC policy entirely. That means no enforcement, no reports, and no protection against spoofing.

Multiple DKIM records are actually fine, as long as you're using different selector names. DKIM lives at a unique subdomain like selector1._domainkey.yourdomain.com, so adding a second ESP with its own selector (selector2._domainkey...) is totally normal. Problems only show up if you publish two records under the same selector name, which would create the same ambiguity problem as duplicate SPF.

Non-email TXT records play nicely with each other. Google site verification, Facebook domain verification, and similar ownership tokens all coexist without issues because they have different names or different content patterns that don't conflict.

How to fix overlapping SPF records

You don't need two SPF records. You need one that includes all your sending sources. Combine everything into a single record like this:

v=spf1 include:_spf.google.com include:sendgrid.net ~all

Delete the duplicate, save the merged version, and give DNS about 30 minutes to propagate. Then check it. If you're not sure your new record is structured correctly, our free SPF checker will tell you exactly what it finds on your domain and flag any errors.

For DMARC, the fix is even simpler. Delete the extra record and keep the one that has your actual policy set correctly. If you're not sure which one to keep, run your domain through our free DMARC parser to see what's currently published.

But if things still look broken after merging your records, it's worth checking whether a formatting error crept in during the edit. A single misplaced space or missing qualifier can cause the same kind of authentication failure as a duplicate record.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Paste your TXT records and get a merged SPF fix

I have overlapping TXT records on my domain and I need help fixing them. Here are my details: - Domain: your domain - Records currently published (paste them): your TXT records - ESPs or services I send from: list them - Authentication that's failing: SPF / DMARC / DKIM Please help me merge my SPF records into one valid record, identify any duplicate DMARC entries, and check whether my DKIM selectors are conflicting.

Edit the yellow boxes, then send to the AI of your choice.