DNS - SPF for two mail servers inc sub-domain

glen9 · May 6, 2023, 2:25pm

Hi all,

I wonder if someone can shed some light on this please.

I have a domain @domain.com that uses iCloud+ for my regular email, which has been working fine (and still does). No issues… However I want to also use a subdomain –

@subdomain.domain.com which I want to use for more secure emails (banking etc) at Proton Mail. I can get everything working, apart from SPF whereby Proton Mail Domain names just won’t recognise my additional entry.

So I have added the following to Cloudflare DNS –

TXT @ (root) v=spf1 include:_spf.protonmail.ch include:icloud.com ~all

I don’t believe you are allowed two separate entries? What I’m confused about is that under “name” other entries for my DNS entries like MX I’ve added the subdomain…

Does this make sense?

Thanks all.

epic.network · May 6, 2023, 3:12pm

Welcome to the Cloudflare Community.

You cannot have more than one SPF record at the same label, however, you are in need of an SPF record for a subdomain, which is a distinct and separate label.

You will want to omit the Proton mail include: from your apex domain, example.com and instead use it in the SPF record for sub.example.com.

TXT @ "v=spf1 include:icloud.com -all"
TXT sub "v=spf1 include:_spf.protonmail.ch -all"

glen9 · May 6, 2023, 3:16pm

Perfect @epic.network. Just tried this, and worked perfectly. Proton is happy… and passes tests at learndmarc for for domain and the subdomain.

system · May 9, 2023, 3:17pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.