Combine 2 spf records into 1

Question

I have 2 spf records for my email example.com

The first one is from my hosting provider. I DO send and receive email through my hosting provider. Emails from here do not go to spam.

"v=spf1 ?include:custspf.register.com"

Second SPF is for my digital ocean droplet. I ONLY want to send email from the sever NOT receive. All messages from this server go to spam.

"v=spf1 mx a ip4:111.22.33.44/32 a:example.com ?all"

http://www.openspf.org/Why output

An SPF-enabled mail server rejected a message that claimed an envelope sender address of user@example.com. An SPF-enabled mail server received a message from example.com (111.22.33.44) that claimed an envelope sender address of user@example.com.

The domain example.com has published an SPF policy, however, an error occurred while the receiving mail server tried to evaluate the policy:

Redundant applicable 'v=spf1' sender policies found.

I have tried to update the second spf to

"v=spf2 mx a ip4:111.22.33.44/32 a:example.com ?all" but it did not help.

Googleing around I have seen many articles that suggest not using multipule spfs record and use 1 and combine them.

Original Message Message ID <201901291825.x0TIPT8L001819@example.com> Created at: Tue, Jan 29, 2019 at 1:25 PM (Delivered after 1 second) From: user@example.com To: someone@gmail.com Subject: Thank You SPF: NEUTRAL with IP 111.22.33.44 Learn more

Delivered-To: someone@gmail.com Received: by 2002:a0c:b551:0:0:0:0:0 with SMTP id w17csp4938564qvd; Tue, 29 Jan 2019 10:25:30 -0800 (PST) X-Google-Smtp-Source: ALg8bN5vX+AyxqxIugeeTu1/0TXws8MIcy6s5+xtxYqLDnMaKoy5CV6mkyVAJVuczjD8byDDVmI1 X-Received: by 2002:ac8:1a59:: with SMTP id q25mr26590924qtk.387.1548786330055; Tue, 29 Jan 2019 10:25:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548786330; cv=none; d=google.com; s=arc-20160816; b=a5ZUgIvytUIfGVZcQl8dyvJvO6d2GaU2p4dZPAqQ046Fwyy9pGdK6zuhgwvkcUgoWV TyBg062SKMQc7NFZ6BurvirUB8k+4vpqDSg7fgitU08j2JFyQEOh1in2wumHs+s6QY2k IfVe1w0uApBaXETunHUbE0WRMHyKBjzEf63X9eyb/LjqVsTrNo96BUxaZXoWo8t3tkfC N1c/9dPfJpjNTtpB0ql4msGqpXYFTSqKkxruN3e82zsrBwnYoc0iSVwJSUz6PaZA6vaJ BFbfklS8zN68eWIBBdCuNYNxywU/ix5Icjt8iNPTiLovyadnYJAPWlXk0YFlpPipb2A2 W+bA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=from:subject:to:message-id:date; bh=2PBWkaoD+bPrwpJMJgA9+kttIMeDqJhJn6syhiLs5PY=; b=q+JkyqBCFIwelNq7rjs6lm+9LuPA6myRrYPNoMucrGOVu2r9cK2zhpoPu7ov9EzQjl dOn75+xht2u6blQDLMLbklIF7IZ8wIhUpSy5iBTBf0S+hsVMgLYaiGFzP6EMn14LxFxT vZ+CGw94WL2D73V7idO22Zi4kwsBDVILEGBNOrSfXbYndG+xSG2I2DgnJhjDL2a92grZ rcp8lDyDMJ5gadsIDJIJBiWUV0JFF5wEPWYTLT/Ttn/p9b4yMbTbMQxqSFTJ5fRXp12s jbHLARQyMQL5s2sWZuv71rPJDt5n4Ta1gRPWyBYXGYYQvxl9NbIByzS7lsfm4LN1wUBb CUEg== ARC-Authentication-Results: i=1; mx.google.com; spf=neutral (google.com: 111.22.33.44 is neither permitted nor denied by domain of user@example.com) smtp.mailfrom=user@example.com Return-Path: Received: from example.com (example.com. [111.22.33.44]) by mx.google.com with ESMTPS id a31si3538773qvh.91.2019.01.29.10.25.29 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 Jan 2019 10:25:30 -0800 (PST) Received-SPF: neutral (google.com: 111.22.33.44 is neither permitted nor denied by domain of user@example.com) client-ip=111.22.33.44; Authentication-Results: mx.google.com; spf=neutral (google.com: 111.22.33.44 is neither permitted nor denied by domain of user@example.com) smtp.mailfrom=user@example.com Received: from example.com (example.com [127.0.0.1]) by example.com (8.14.7/8.14.7) with ESMTP id x0TIPTnE001820 for ; Tue, 29 Jan 2019 18:25:29 GMT Received: (from donna@localhost) by example.com (8.14.7/8.14.7/Submit) id x0TIPT8L001819; Tue, 29 Jan 2019 18:25:29 GMT Date: Tue, 29 Jan 2019 18:25:29 GMT Message-Id: <201901291825.x0TIPT8L001819@example.com> To: someone@gmail.com Subject: Thank You X-PHP-Originating-Script: 0:testemail1.php From: user@example.com

Thank You

I have also confirmed that reverse dns matches

Question 1:

How can I combine

"v=spf1 ?include:custspf.register.com" and "v=spf1 mx a ip4:111.22.33.44/32 a:example.com ?all"

Into 1 spf?

Question 2:

Is there a better way?

Question 3:

Do i need an mx record for a server if I am only receiving emails?

Answer 1

1- For combining more than one spf, a good answer could be looking for some spf that has achieved that already (you can try a good example by digging some, the command would be dig txt domain.name)

For that, i.e. you can check sendgrid or any other email sending "specialist" (they live on that, so maybe could be a good option (check as well email services that offers several domains, such as hotmail.com / live.com ...

sendgrid.com. 1440 IN TXT "v=spf1 ip4:167.89.32.5 ip4:167.89.32.50 ip4:50.31.36.199 ip4:50.31.36.205 ip4:50.31.36.208 ip4:50.31.36.213 ip4:50.31.36.197 ip4:167.89.25.84 include:_spf.google.com include:partners.sendgrid.com include:_labs.sendgrid.com -all"

Keep that as an example, and maybe look for something that may fit better what you are looking for.

2- I would say it would be a good idea and easier to mantain if each domain has it's own txt record and you include it as in the mentioned example. If you are really interested into sending emails and reputation, I would keep sending different domains in different addresses (whenever possible) to not harm some email reputation with the other domain.

3- It is always a good practice to have an abuse@ account for handling rejections, bounces, etc. So yes, I would rather say having mx helps in email reputation (I would say is de facto / mandatory, as any serious provider would ensure it exists and eventually you may handle it indirectly) don't know by now but by the time I was working with email, that was an important part of "reputation building techniques"

Here you can find an spf builder if it helps checking syntax, never used it though

https://tools.wordtothewise.com/spf

but mentioned in relation to this post (https://stackoverflow.com/questions/6110534/how-to-create-spf-record-for-multiple-ips) not duplicated though (as the answer doesn't seem to work anymore there)