How do I configure DNS records to send emails from two different ESPs using the same subdomain?

Summary

Configuring DNS records to send emails from two different ESPs using the same subdomain is complex and generally discouraged. It requires careful management of SPF, DKIM, and DMARC records. Best practices involve using a single SPF record with 'include' mechanisms, ensuring it stays within the 10 DNS lookup limit, and employing distinct DKIM selectors for each ESP. Proper alignment of the Return-Path and active monitoring of DMARC reports are also crucial. Alternatives like dedicated subdomains are often recommended for simplicity and better deliverability.

Key findings

  • Complexity & Risk: Sharing a subdomain for multiple ESPs introduces significant complexity and increases the risk of deliverability issues.
  • Single SPF Record Required: You must combine all ESPs into a single SPF record (using 'include' mechanisms) as multiple SPF records are invalid.
  • SPF 10 DNS Lookup Limit: The SPF record cannot exceed 10 DNS lookups across all included domains; exceeding it will cause SPF to fail.
  • Unique DKIM Selectors: Each ESP must use different DKIM selectors to prevent key conflicts and ensure proper signing.
  • Return-Path Alignment is Critical: The Return-Path (MAIL FROM) must be correctly aligned with each ESP to handle bounces and feedback loops effectively.
  • Active DMARC Monitoring is a Must: DMARC reporting should be enabled and actively monitored to identify authentication failures, spoofing attempts, and ensure overall email security.

Key considerations

  • Consider Alternatives: Seriously consider using dedicated subdomains for each ESP, as this simplifies DNS management and reduces the risk of deliverability problems.
  • Flatten SPF if Needed: If the number of DNS lookups approaches the limit, flatten the SPF record (resolve includes to IPs) to stay within the limit. This requires ongoing maintenance.
  • DKIM Key Rotation is Important: Establish and maintain DKIM key rotation procedures for each ESP.
  • Validate SPF Records Regularly: Use tools like Kitterman's SPF validator to ensure your SPF record is valid and doesn't exceed the lookup limit.
  • Monitor IP Reputation: Monitor the IP reputation of each ESP to ensure they are not negatively impacting your domain's deliverability.
  • Warm up New IPs: If using dedicated IPs, properly warm them up to establish a sending reputation.
  • Don't Forget Sender ID: While less important than SPF/DKIM/DMARC, ensure Sender ID is consistent with your sending domain.

What email marketers say
13Marketer opinions

Configuring DNS records to send emails from two different ESPs using the same subdomain involves complexities around SPF, DKIM, and DMARC authentication. While possible, it's generally advised against due to increased complexity, troubleshooting challenges, and potential deliverability issues. Alternatives such as dedicated subdomains or Sender Rewriting Scheme (SRS) are often recommended. If pursuing the same subdomain, careful management of SPF records (avoiding exceeding the 10 DNS lookup limit), DKIM selectors, and Return-Path configuration is essential, along with continuous monitoring of deliverability and IP reputation.

Key opinions

  • Complexity: Using the same subdomain for multiple ESPs significantly increases DNS configuration complexity and troubleshooting efforts.
  • SPF Limit: The SPF 10 DNS lookup limit is a critical constraint; exceeding it will invalidate SPF and impact deliverability.
  • DKIM Selectors: Using different DKIM selectors for each ESP is crucial to avoid key conflicts.
  • Return-Path: Properly configuring the Return-Path for each ESP is essential for bounce handling and feedback loops.
  • Deliverability Monitoring: Continuous monitoring of deliverability metrics and authentication results is necessary to identify and resolve issues promptly.

Key considerations

  • Alternatives: Consider using dedicated subdomains or Sender Rewriting Scheme (SRS) as simpler and less problematic alternatives.
  • SPF Management: Carefully manage SPF records, potentially flattening them, to stay within the 10 DNS lookup limit.
  • IP Reputation: Monitor IP reputation for each ESP, as poor reputation can negatively impact deliverability.
  • IP Warm-up: Warm up new IP addresses gradually to build a positive sending reputation.
  • Tooling: Use SPF validation tools (e.g., Kitterman's) to ensure SPF records are valid and within limits.
  • DMARC Reporting: Implement and monitor DMARC reporting to identify authentication failures and potential spoofing attempts.
  • Sender ID: Although less important than SPF/DKIM/DMARC, ensure Sender ID consistency.
Marketer view

Marketer from Email Geeks advises against using the same domain/subdomain for separate mail streams, especially when one is used for 1-to-1 communications. It complicates understanding and explaining the setup due to numerous variables and increases support time. It often adds complexity without improving anything for the sender and complicates DMARC report analysis.

January 2024 - Email Geeks
Marketer view

Email marketer from Litmus explains using tools to monitor deliverability and authentication results is critical when using multiple ESPs. This allows you to quickly identify and resolve any issues with SPF, DKIM, or DMARC.

August 2023 - Litmus
Marketer view

Email marketer from ZeroBounce shares warming up each new IP address is essential. Gradually increase sending volume over time to build a positive sending reputation with ISPs.

July 2022 - ZeroBounce
Marketer view

Email marketer from Stack Overflow explains that SPF has a 10 DNS lookup limit. If including multiple ESPs causes you to exceed this limit, SPF will break. Suggests using a subdomain or Sender Rewriting Scheme (SRS) as alternatives.

April 2024 - Stack Overflow
Marketer view

Marketer from Email Geeks explains that while it's possible to use the same domain for multiple mail streams, it's complicated and has downsides. Recommends using a subdomain dedicated to each mail stream for easier management and less confusion.

November 2022 - Email Geeks
Marketer view

Email marketer from Email Marketing Forum shares that tools like Kitterman's SPF validator can check whether your SPF record is valid and doesn't exceed the 10 DNS lookup limit.

May 2023 - Email Marketing Forum
Marketer view

Email marketer from SendGrid responds that if possible, use dedicated IPs for each ESP. This allows for better control over your sending reputation and simplifies troubleshooting deliverability issues.

November 2021 - SendGrid
Marketer view

Email marketer from SparkPost advises that regularly monitoring your IP reputation for each ESP is crucial. Poor IP reputation can negatively impact deliverability, even if SPF/DKIM/DMARC are correctly configured.

March 2021 - SparkPost
Marketer view

Email marketer from Email on Acid shares an alternative approach is to delegate a subdomain to each ESP. This means each ESP has full control over the DNS records for that subdomain, simplifying configuration and reducing conflicts.

September 2024 - Email on Acid
Marketer view

Email marketer from MailerLite explains that the Return-Path domain is where bounces are sent. Ensure the Return-Path is correctly configured for each ESP to receive bounce notifications and maintain a clean list.

October 2022 - MailerLite
Marketer view

Email marketer from Mailjet warns of the SPF 10 DNS lookup limit again and suggests flattening your SPF record to avoid exceeding this limit. This involves resolving all includes and IPs into a single SPF record, but it requires careful maintenance.

September 2023 - Mailjet
Marketer view

Email marketer from Campaign Monitor explains that Sender ID is less relevant than SPF/DKIM/DMARC, but it's still good practice to ensure your Sender ID is consistent with your sending domain.

February 2025 - Campaign Monitor
Marketer view

Email marketer from Reddit shares using different DKIM selectors for each ESP allows you to differentiate the signing keys. Each ESP will then use its own selector when signing emails, avoiding conflicts.

March 2024 - Reddit

What the experts say
8Expert opinions

To configure DNS records for sending emails from two different ESPs using the same subdomain, experts emphasize the importance of distinct SPF records, MX records, and DKIM selectors for each ESP. Each ESP should have its own 5321.from domain and corresponding SPF and MX records to ensure proper bounce handling. Administrators must diligently manage the 10 DNS lookup limit within SPF records and implement robust DKIM key rotation procedures. Careful Return-Path management, aligning it correctly with each ESP's sending domain, is crucial. Finally, proper configuration and monitoring of DMARC reporting are essential for identifying authentication failures and improving email security.

Key opinions

  • Separate SPF Records: Each ESP requires its own unique SPF record associated with its 5321.from domain. Avoid using the same SPF record for multiple ESPs or including multiple ESPs in a single SPF include statement.
  • Distinct MX Records: Each ESP needs its own MX record to manage bounces effectively. The 5321.from domain should align with the correct MX record for each ESP to route bounces back to the appropriate system.
  • Unique DKIM Selectors: Employ distinct DKIM selectors for each ESP to differentiate signing keys and avoid conflicts.
  • Return-Path Alignment: Ensure the Return-Path (MAIL FROM) is correctly aligned with each ESP's sending domain to properly handle bounces and feedback loops. Incorrect Return-Path configuration can lead to deliverability issues.
  • DMARC Reporting: Properly configure DMARC reporting to actively monitor authentication results, identify failures, and address potential spoofing attempts. Regular analysis of DMARC reports is crucial for maintaining email security.
  • SPF include Limit: Administrators must remain vigilant about the 10 DNS lookup limit, which can impact deliverability if exceeded.

Key considerations

  • DNS Lookup Limit: Be mindful of the 10 DNS lookup limit when using 'include:' mechanisms in SPF records and use tools to validate SPF records.
  • Key Rotation: Ensure proper DKIM key rotation procedures are in place for each ESP. Keys need to be updated periodically, and proper management helps maintain authentication integrity.
Expert view

Expert from Email Geeks shares that for DKIM, it’s easy to use different selectors.

December 2022 - Email Geeks
Expert view

Expert from SpamResource explains that while using multiple 'include:' mechanisms in SPF records is common for multiple ESPs, administrators must remain vigilant about the 10 DNS lookup limit, which can impact deliverability if exceeded. They advise to use tools to validate SPF records.

February 2022 - SpamResource
Expert view

Expert from Email Geeks explains that it's possible to send from multiple CRM installations using the same domain, but you need to know the 5321.from address for each installation and publish the correct SPF and MX records for that subdomain.

June 2022 - Email Geeks
Expert view

Expert from Email Geeks explains that each ESP should have its own 5321.from domain with its own TXT record for SPF. Having the same SPF record for two different ESPs will cause problems. You should NEVER have more than one ESP in a SPF include.

February 2022 - Email Geeks
Expert view

Expert from Word to the Wise shares that properly configuring DMARC reporting is vital when using multiple ESPs. Monitoring DMARC reports helps identify authentication failures and potential spoofing attempts, enabling quicker mitigation and improved email security across all sending sources.

January 2024 - Word to the Wise
Expert view

Expert from Email Geeks explains that each domain should have its own MX record for bounce handling, ensuring bounces go back to the sending system. That's why you need different subdomains for each system in the 5321.from.

January 2025 - Email Geeks
Expert view

Expert from SpamResource explains that when managing DKIM across multiple ESPs, ensure proper DKIM key rotation procedures are in place for each ESP. Keys need to be updated periodically, and proper management helps maintain authentication integrity.

June 2024 - SpamResource
Expert view

Expert from Word to the Wise shares that carefully managing the Return-Path (also known as MAIL FROM or 5321.MailFrom) is crucial when using multiple ESPs from the same domain. Each ESP's Return-Path should be correctly aligned with their respective sending domains/subdomains to properly handle bounces and feedback loops.

April 2024 - Word to the Wise

What the documentation says
4Technical articles

When configuring DNS records to use two different ESPs with the same subdomain, documentation emphasizes leveraging 'include' mechanisms for SPF records while adhering to the 10 DNS lookup limit. Distinct DKIM selectors are crucial for each ESP to prevent conflicts. Proper SPF and DKIM configuration is paramount, followed by aligning the DMARC policy to ensure effective authentication and security.

Key findings

  • Single SPF Record: Multiple SPF records for a domain are not supported; combine them into a single record.
  • SPF 'include' Mechanism: Use the 'include' mechanism to reference other domains' SPF records.
  • 10 DNS Lookup Limit: Be aware of the 10 DNS lookup limit for SPF records when using multiple 'include' mechanisms.
  • Distinct DKIM Selectors: Configure different DKIM selectors for each ESP.
  • DMARC Alignment: Align DMARC policy with correctly configured SPF and DKIM for each ESP.

Key considerations

  • SPF Record Validation: Validate the combined SPF record to ensure it's valid and within the DNS lookup limit.
  • DKIM Key Management: Properly manage and rotate DKIM keys for each ESP based on their individual guidelines.
  • DMARC Monitoring: Monitor DMARC reports to ensure compliance and address any potential authentication issues.
Technical article

Documentation from Google Workspace Admin Help explains that having multiple SPF records for a domain is not supported and can cause deliverability issues. It recommends combining multiple SPF records into a single record using include mechanisms.

December 2021 - Google Workspace Admin Help
Technical article

Documentation from AWS SES answers that when configuring DKIM with multiple ESPs, using different selectors for each ESP to avoid conflicts is important. Each selector should correspond to a unique DKIM key.

August 2023 - AWS SES Documentation
Technical article

Documentation from RFC 7208 details that the 'include' mechanism in SPF records allows referencing other domains' SPF records. This is a best-practice approach for using multiple ESPs, but warns of the 10 DNS lookup limit across all included records.

February 2025 - RFC Editor
Technical article

Documentation from DMARC.org explains that DMARC builds on SPF and DKIM. When using multiple ESPs, ensure both SPF and DKIM are correctly configured for each ESP, and then align the DMARC policy accordingly.

April 2022 - DMARC.org