Summary
FCrDNS improves deliverability by verifying the association between the sending IP and domain, building trust with ISPs and preventing spam flags. However, ensure hostnames are not IP-based. SPF enhances deliverability by authenticating sending servers, preventing spoofing, and ensuring legitimate emails reach the inbox. For SparkPost, configure SPF via a TXT record ('v=spf1 include:sparkpostmail.com -all'). When using dedicated IPs, list IPs directly in the SPF record instead of using 'include:', which outsources authority. Remember SPF applies only to the bounce domain, not the sending domain. Use SPF with DMARC and warm up dedicated IPs to build sending reputation. Ensure rDNS matches the HELO/EHLO statement.
Key findings
- FCrDNS Trust: FCrDNS builds trust with ISPs by verifying the association between the sending IP and domain.
- SPF Authentication: SPF authenticates sending servers, preventing spoofing and enhancing email deliverability.
- SparkPost SPF Record: SparkPost requires a specific SPF record ('v=spf1 include:sparkpostmail.com -all') in the DNS settings.
- Dedicated IPs: List dedicated IPs directly in the SPF record instead of using 'include:'.
- SPF Scope: SPF only applies to the bounce domain.
- DMARC partnership: Use SPF in conjuction with DMARC for better protection
Key considerations
- Reputation Management: Regularly monitor and maintain your sender reputation, especially with dedicated IPs.
- IP Updates: Update SPF records whenever IP addresses change for dedicated IPs.
- Authentication Strategy: Implement a comprehensive email authentication strategy, including SPF, DKIM, and DMARC.
- Outsourcing Risks: Evaluate the risks of using 'include:' in SPF records, as it outsources authority to a third party.
What email marketers say
13 marketer opinions
FCrDNS provides deliverability benefits by verifying that a sending IP address is associated with your domain, which builds trust with ISPs and reduces spam flagging. SPF records enhance deliverability by authenticating sending servers, preventing spoofing, and ensuring legitimate emails reach the inbox. When using SparkPost, SPF records authorize SparkPost to send emails on behalf of your domain. Best practices include proper configuration of SPF records with dedicated IPs and awareness that SPF applies to the bounce domain, not the sending domain. When using shared IPs the SPF record will be handled by the provider (i.e. Sendgrid) but on dedicated IPs it should be handled yourself.
Key opinions
- FCrDNS Benefits: Matching FCrDNS improves deliverability by verifying the sender's IP address and associating it with their domain.
- SPF Functionality: SPF records authenticate sending servers and prevent spoofing, enhancing deliverability by ensuring legitimate emails reach the inbox.
- SPF Configuration with SparkPost: When using SparkPost, configure SPF records to authorize SparkPost to send emails on behalf of your domain.
- Bounce vs Sending Domain: SPF only applies to the bounce domain and not the sending domain.
Key considerations
- Shared vs. Dedicated IPs: With shared IPs, SPF records are usually managed by the provider; with dedicated IPs, you need to configure them yourself.
- Monitor SPF Records: Regularly check and update your SPF record to ensure it remains accurate and includes all authorized sending sources.
- Reverse DNS: Setting up reverse DNS properly can improve email deliverability and is crucial for building trust with ISPs.
Marketer view
Email marketer from GMass shares that you can use SPF to allow the GMass servers to send emails appearing to come from your domain. This can improve your delivery rates, as SPF records help to confirm the email is coming from who it says it is.
18 May 2024 - GMass
Marketer view
Marketer from Email Geeks shares that instead of using CNAME for your bounce domain (in SparkPost terminology) you can just manually add the MX record, and set the SPF to point to just your dedicated IPs. However, if anything changes on your account and you get new IPs, it will be on you to remember to update the SPF!
20 Oct 2023 - Email Geeks
What the experts say
4 expert opinions
FCrDNS is important for verifying that the IP address sending email for your domain is authorized, impacting sender reputation. SPF prevents spammers from forging the 'From' address, and is part of an overall email authentication strategy that should include DMARC. For dedicated IPs, avoid using include: in SPF records and instead, list the specific IPs. Includes are outsourcing authority to a third party, so avoid using them if concerned about identity hijacking.
Key opinions
- FCrDNS Importance: FCrDNS helps mail servers verify that the sending IP is authorized.
- SPF Role: SPF prevents domain forging, improving deliverability.
- Dedicated IP SPF Configuration: For dedicated IPs, list IPs directly in the SPF record instead of using 'include:'.
- Includes Outsourcing: Using 'include:' outsources authority; avoid if concerned about identity hijacking.
- DMARC is important: SPF should be used in conjunction with DMARC for better protection
Key considerations
- Sender Reputation: Mismatched FCrDNS negatively impacts the email sender's reputation.
- Overall Strategy: SPF is part of a broader email authentication strategy.
- IP Management: Carefully manage your IPs and update the SPF record accordingly when using dedicated IPs.
- Risk Tolerance: Assess your risk tolerance before using include statements or CNAME in your SPF records.
Expert view
Expert from Word to the Wise explains that SPF helps in preventing spammers from forging the domain in the 'From' address. Word to the Wise highlights that SPF is only a part of an overall email authentication strategy, and that for the greatest protection, implement DMARC as well. (While this site doesn't directly address SparkPost SPF setup, it emphasizes the benefits of SPF in general email authentication.)
21 Sep 2023 - Word to the Wise
Expert view
Expert from Email Geeks explains that includes: are outsourcing the responsibility / authority to a 3rd party, making sense in many cases. However, if you’re that concerned about someone else hijacking your identity (and thus your reputation) then don’t use an include or a CNAME.
6 Dec 2023 - Email Geeks
What the documentation says
6 technical articles
SPF records authorize sending servers to send emails on behalf of your domain, improving deliverability by preventing spoofing and phishing. SparkPost configuration involves creating a TXT record with 'v=spf1 include:sparkpostmail.com -all'. Dedicated IPs, reverse DNS (rDNS) pointing back to your sending domain and warming up your IPs builds trust with ISPs and prevents outgoing emails from being marked as spam, especially when rDNS matches the HELO/EHLO statement.
Key findings
- SPF Authorization: SPF allows domain owners to authorize which mail servers can send email on their behalf.
- SparkPost SPF Setup: Create a TXT record in DNS with 'v=spf1 include:sparkpostmail.com -all' to authorize SparkPost.
- rDNS Verification: Reverse DNS lets mail servers verify hostnames associated with an IP address.
- Dedicated IP Warming: Dedicated IPs can be warmed up to build sending reputation.
- Prevent Spoofing: SPF prevents spoofing and phishing attempts by validating email origin.
Key considerations
- rDNS Matching: Set rDNS to match the domain used to send emails and the hostname in the HELO/EHLO statement.
- Ongoing Maintenance: Regularly monitor and update SPF records to reflect changes in sending infrastructure.
- Dedicated IP Reputation: Build and maintain a positive sending reputation when using dedicated IPs.
Technical article
Documentation from RFC Editor (RFC 7208) specifies that SPF allows domain owners to authorize which mail servers are permitted to send email on behalf of their domain. This helps prevent spoofing and improves deliverability by providing ISPs with a way to verify the authenticity of email messages.
2 May 2025 - RFC Editor
Technical article
Documentation from Microsoft explains that SPF records can help prevent spoofing and phishing attempts by validating the origin of emails sent from your domain. It helps improve deliverability by ensuring that receiving mail servers can verify that the email is coming from a trusted source.
22 Jan 2023 - Microsoft
Are SPF, DKIM, and DMARC as important in B2B as in B2C email marketing?
Do small email senders need their own SPF/DKIM records or can they rely on their ESP?
How can I ensure email compliance with Yahoo/Google rules including DMARC, SPF, and FcrDNS?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
How do SPF, DKIM, and DMARC email authentication standards work?
How do SPF records and DKIM keys work with multiple email services like Klaviyo and Shopify?
