Summary
The overall consensus is that while SPF is a critical component for email authentication and deliverability, adding SPF records to both sender and envelope domains isn't always necessary. The key focus should be on SPF alignment, ensuring the domain in the 'header from' address matches the domain authorized by SPF. SPF authenticates the MAIL FROM identity, including the envelope sender. Experts recommend having separate SPF records for different subdomains used for sending emails to manage sending reputations effectively. They also emphasize the importance of properly configuring SPF records to prevent domain forging and improve email deliverability, enabling recipient servers to verify the authenticity of incoming emails. Caution should be taken regarding the number of DNS lookups, and SPF records should cover all sending domains.
Key findings
- SPF Alignment is Key: Achieving SPF alignment (matching 'header from' and authorized SPF domains) is crucial for passing DMARC and ensuring email deliverability.
- Separate SPF Records for Subdomains: Using individual SPF records for different subdomains is recommended for efficient management of sending reputations.
- Configuration Prevents Forging: Properly configured SPF records prevent domain forging and improve email deliverability by allowing recipient servers to verify authenticity.
- SPF Record Required: If setting up a new email sending domain then SPF record is essential to allow for proper delivery and avoid spoofing.
- MAIL FROM identity: SPF authenticates the MAIL FROM identity
Key considerations
- Focus on 'header from': The SPF record should primarily focus on aligning with the 'header from' address rather than solely the envelope domain.
- Verify All (Sub)Domains: It is crucial to verify all domains and subdomains used for sending email to confirm the correctness of SPF records.
- Beware DNS Lookup Limit: Be mindful of the number of DNS lookups in SPF records to prevent SPF failures.
- Ensure DMARC Compliance: SPF is vital for DMARC compliance, which affects how recipient servers handle emails that fail authentication.
- Microsoft 365: Pay special attention to SPF configuration when using Microsoft 365 to avoid deliverability issues.
What email marketers say
12 marketer opinions
The consensus is that while SPF records are crucial for email authentication and deliverability, adding them to both sender and envelope domains isn't always necessary or recommended. The focus should be on ensuring SPF alignment, which means that the domain in the 'header from' address matches the domain authorized by SPF. For different subdomains used for sending emails, having separate SPF records is considered a good practice for managing sending reputations. It's also important to monitor the number of DNS lookups to prevent SPF failures. Properly configured SPF records help prevent spammers from forging your domain and improve email deliverability, as they allow recipient mail servers to verify that messages genuinely originate from your domain.
Key opinions
- SPF Alignment is Key: SPF alignment (matching 'header from' and authorized SPF domains) is crucial for passing DMARC and ensuring email deliverability.
- Separate SPF Records for Subdomains: Having individual SPF records for different subdomains used for sending email is a good practice for managing sending reputations.
- Importance of SPF Configuration: Properly configured SPF records prevent domain forging and improve email deliverability by allowing recipient servers to verify the sender's authenticity.
- Limit DNS Lookups: Be cautious of the number of DNS lookups in SPF records; exceeding the limit can cause SPF to fail.
Key considerations
- Envelope vs. Header From: Focus on aligning the SPF record with the 'header from' address rather than solely the envelope domain.
- Monitor Subdomains: Regularly verify all domains and subdomains used for sending email to ensure SPF records are properly configured.
- Third-Party Services: If using third-party email services, ensure SPF records cover the subdomains they use for sending.
- DMARC Impact: Understand that SPF, along with DKIM, impacts DMARC compliance, which affects how recipient servers handle emails that fail authentication checks.
Marketer view
Email marketer from DNS records emphasizes the need to verify all domains and subdomains, especially subdomains, to ensure accurate SPF implementation. Neglecting this can cause issues with email authentication and deliverability.
15 Jun 2024 - DNS records
Marketer view
Email marketer from Email Geeks says for the 'best of both worlds', ensure the domains in both (5322 and envelope) match exactly to have SPF covered in both.
5 May 2024 - Email Geeks
What the experts say
4 expert opinions
The experts generally agree that while SPF records are crucial for email authentication and deliverability, it's not always necessary to add them to both the sender and envelope domains. Older practices might suggest it, but modern advice emphasizes SPF alignment. Specifically, ensuring the domain in the 'header from' address matches the domain authorized by SPF is key for DMARC compliance. Gmail also doesn't display SPF results for the 5322.from domain, so an extra SPF record won't alter that. SPF is vital for preventing email spoofing and verifying the authenticity of emails, ultimately improving delivery rates.
Key opinions
- SPF Alignment is Key: Matching the domain in the 'header from' address with the domain authorized by SPF is critical for DMARC compliance.
- Older Guidance is Outdated: Adding SPF at the visible 'from' level, while historically practiced, is not considered necessary now.
- SPF Prevents Spoofing: SPF is essential for verifying the authenticity of emails, preventing spoofing and improving overall email delivery.
- Gmail GPT Behavior: Gmail doesn't show SPF results for the 5322.from domain in Google Postmaster Tools.
Key considerations
- Focus on Alignment: Prioritize SPF alignment with the 'header from' domain to ensure DMARC compliance and prevent deliverability issues.
- Ignore Useless Warnings: Ignore ESP warnings about missing SPF in the 'from' domain, as they are often irrelevant.
- Check GPT Settings: To see SPF results in Google Postmaster Tools, ensure you add the envelope domain to GPT.
- SPF is Required for Setup: If you're setting up a domain for email, make sure to have SPF in place as a critical factor in order for good delivery.
Expert view
Expert from Spam Resource explains that SPF is used to ensure that emails aren't spoofed and that email delivery is verified. If you are setting up a domain SPF is required in order for good delivery.
23 Nov 2023 - Spam Resource
Expert view
Expert from Email Geeks clarifies that while older guidance might suggest adding SPF at the visible from level (due to Microsoft's historical practices), it's not necessary now. Some ESP tools may still issue warnings about the lack of SPF in the from domain, but these are often useless.
3 Oct 2023 - Email Geeks
What the documentation says
4 technical articles
Documentation from RFC Editor, dmarcian, Microsoft, and Cloudflare indicates that SPF (Sender Policy Framework) is a DNS record that authenticates the MAIL FROM identity, including the envelope sender or Return-Path. It helps verify the sending mail server's authority and identifies legitimate emails, preventing spammers from forging 'from' addresses. SPF records should cover all domains used for sending email, including subdomains, to avoid deliverability issues, especially within platforms like Microsoft 365.
Key findings
- SPF authenticates MAIL FROM: SPF authenticates the MAIL FROM identity (envelope sender/Return-Path).
- Verifies Sending Authority: SPF verifies the authority of the sending mail server, preventing unauthorized use of the domain.
- Prevents Forged Addresses: SPF helps prevent spammers from using forged 'from' addresses.
- Covers All Sending Domains: SPF records should cover all domains used for sending email, including subdomains.
Key considerations
- Subdomain Coverage: Ensure SPF records include subdomains used by marketing services or other email sending platforms.
- Microsoft 365: Pay special attention to SPF configuration when using Microsoft 365 to avoid deliverability issues.
- SMTP Transaction: SPF is used during the SMTP transaction to verify the sending server.
- Legitimate Email: Implementing SPF helps receiving servers identify legitimate emails and filter out fraudulent ones.
Technical article
Documentation from Microsoft advises ensuring that the SPF record covers all domains used for sending email, including subdomains used by marketing services. It notes that neglecting this can lead to deliverability issues, especially if you're using Microsoft 365.
14 Nov 2021 - Microsoft
Technical article
Documentation from RFC Editor details that SPF (Sender Policy Framework) authenticates the MAIL FROM identity (also known as the envelope sender or Return-Path). It explains SPF's mechanism to permit sending hosts of a domain and is used during the SMTP transaction.
6 Aug 2024 - RFC Editor
Against which domain is SPF checked?
Can a sender modify SPF records to alter SPF checking behavior?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
How do SPF, DKIM, and DMARC email authentication standards work?
How do SPF records and DKIM keys work with multiple email services like Klaviyo and Shopify?
How should I combine SPF records and what domain should I use with SendinBlue?
