Email routing is disabled while having additional SPF records

I started using Cloudflare’s email routing, and set up the required DNS settings.

But now I’m getting an error that the email routing is disabled because it can’t find the required SPF record.
I do have the SPF record set up, but it has additional IPs besides Cloudflare’s SPF.

How can I use Cloudflare’s email routing while allowing additional senders?

Short answer: you can’t.

1 Like

If you only want to authorise another server to SEND (not RECEIVE) emails with your domain, that should certainly be possible and MX records are not needed for this. Example use-case would be using a transactional email provider.

But given @anon9246926’s response, it seems “sender” means something more here.

2 Likes

Thanks @GeorgeAppiah, I think @anon9246926 understood me correctly with the unfortunate answer that it isn’t possible.

The MX records are fine and I know I need to modify the SPF records for external mail sending (SMTP server).

I think there have been some misunderstandings here?

Quoting alone from your thread title:

@anon9246926’s response would be spot on.

You CANNOT have multiple/additional SPF record(s) that reside on the exact same DNS label.

Taking the example that you want to use both Google Workspace (include:_spf.google.com), Office 365 (include:spf.protection.outlook.com), and Cloudflare’s Email Routing (include:_spf.mx.cloudflare.net) functionality:

example.com. IN TXT "v=spf1 include:_spf.google.com -all"
example.com. IN TXT "v=spf1 include:spf.protection.outlook.com -all"
example.com. IN TXT "v=spf1 include:_spf.mx.cloudflare.net -all"

This example would be INVALID, as you cannot have multiple/additional SPF record(s) like that.

I believe this kind of set up would be what @anon9246926 was referring to above.

The key to the fix would be, to use your own word, “MODIFY”.

Instead of the above example with three different SPF records, they need to be merged into one, which would be like this:

example.com. IN TXT "v=spf1 include:_spf.google.com include:spf.protection.outlook.com include:_spf.mx.cloudflare.net -all"

When you already have an existing SPF, you don’t add a new one, you modify the existing one.

3 Likes
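
The merge described in the post above, as an added example that is not part of the original thread and is not Cloudflare's own validator: it flags more than one SPF record on a label, checks for the Cloudflare include quoted in the thread, counts top-level DNS-lookup terms against the RFC 7208 limit of 10, and merges the records into one. The function names, the choice to keep the strictest `all`, and the non-SPF TXT value are assumptions of this example; nested includes are not resolved.

```python
# Added example (not Cloudflare's validator): lint and merge SPF TXT records offline.
CLOUDFLARE_INCLUDE = "include:_spf.mx.cloudflare.net"  # value quoted in the thread
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208 s4.6.4
ALL_STRICTNESS = ["-all", "~all", "?all", "+all"]  # strictest first

def spf_records(txt_records):
    """Keep only TXT strings whose version section is exactly 'v=spf1' (RFC 7208 s4.5)."""
    return [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]

def lookup_count(record):
    """Count top-level terms that trigger a DNS lookup (nested includes not resolved)."""
    count = 0
    for term in record.split()[1:]:
        name = term.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0]
        count += name.lower() in LOOKUP_TERMS
    return count

def lint(txt_records):
    """Return a list of problems for the TXT records published at one DNS label."""
    found, problems = spf_records(txt_records), []
    if len(found) != 1:
        problems.append(f"{len(found)} SPF records on one label, expected exactly 1")
    if not any(CLOUDFLARE_INCLUDE in r.lower().split() for r in found):
        problems.append("missing " + CLOUDFLARE_INCLUDE)
    if any(lookup_count(r) > 10 for r in found):
        problems.append("more than 10 DNS-lookup terms")
    return problems

def merge(txt_records):
    """Merge SPF records: unique terms in order, then the strictest 'all' (assumption)."""
    terms, alls = {}, []
    for rec in spf_records(txt_records):
        for term in rec.split()[1:]:
            low = term.lower()
            if low.lstrip("+-~?") == "all":
                alls.append("+all" if low == "all" else low)
            else:
                terms.setdefault(low, term)  # first spelling of a term wins
    tail = [min(alls, key=ALL_STRICTNESS.index)] if alls else []
    return " ".join(["v=spf1", *terms.values(), *tail])

# The thread's INVALID example plus one unrelated TXT record (constructed value).
INVALID = [
    "v=spf1 include:_spf.google.com -all",
    "v=spf1 include:spf.protection.outlook.com -all",
    "v=spf1 include:_spf.mx.cloudflare.net -all",
    "site-verification=constructed-placeholder",
]
print(lint(INVALID), merge(INVALID), lint([merge(INVALID)]), sep="\n")
```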

Yep, that’s exactly what I had, a single TXT record for SPF, with multiple includes (one of them being Cloudflare’s), but then I got an error message on the email routing page stating that it can’t validate the SPF record - even though it included Cloudflare.

Have you tested it with a tool like dmarcian’s SPF Surveyor?

1 Like

Yeah, I used a tool to check it, and the modified records were valid SPF records.

Seems like it isn’t possible at the moment.