When an email service provider (ESP) like ActiveCampaign states they "manage SPF for you," it can lead to confusion about whether you still need to set up your own Sender Policy Framework (SPF) record. ActiveCampaign, like many ESPs, often handles SPF by using its own domains for the "Return-Path" (or Mail From) address, which is the domain SPF checks. This means that for emails sent through ActiveCampaign, SPF passes based on their domain, not necessarily yours. However, the value of setting up your own SPF record for your 'From' domain often comes into play when aiming for full domain authentication and DMARC alignment.
Key findings
Default SPF management: ActiveCampaign typically manages SPF by sending emails through their own infrastructure and using their domain for the MAIL FROM address. This ensures SPF passes for their sending domain.
Your SPF record: Unless ActiveCampaign uses your domain in the MAIL FROM path, your domain's SPF record won't directly impact SPF authentication for emails sent via ActiveCampaign's default setup.
DMARC alignment: For DMARC to pass, either SPF or DKIM must align with your 'From' domain. If SPF alignment isn't achieved (because ActiveCampaign uses its own MAIL FROM domain), DKIM alignment becomes crucial. See our guide on DMARC, SPF, and DKIM for more details.
Custom DKIM: Setting up custom DKIM records provided by ActiveCampaign for your 'From' domain is usually sufficient for DMARC to pass and is generally more impactful for your sender reputation than SPF when the MAIL FROM domain is managed by the ESP.
Key considerations
Clarity of 'managing SPF': The phrase "we manage SPF for you" can be misleading. It implies SPF authentication occurs on the ESP's domain, not necessarily your own. Understand the impact of the 'From' domain on SPF when an ESP uses its own domain for the Return-Path.
Enterprise features: ActiveCampaign and other ESPs often offer SPF alignment (where your domain is used for the Return-Path) as part of higher-tier or enterprise packages, but it may not be necessary if DKIM alignment is in place.
Multiple sending services: If you use other services to send emails from the same domain, you will need to set up SPF records that include all authorized senders. Combining SPF records properly is crucial to avoid issues.
Impact on deliverability: Proper email authentication, including SPF and DKIM, contributes to improved sender reputation and inbox placement, even if the SPF record itself isn't directly authenticating your 'From' domain for ActiveCampaign sends.
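The "multiple sending services" point above, as an added example (not code from ActiveCampaign or from this page): a domain publishes a single SPF record, so a second sender is folded into the existing record rather than added as a second TXT value, and the result is checked against the 10-lookup limit of RFC 7208. The sample records are constructed, and the `include:emsd1.com` form is an assumption based on the emsd1.com record mentioned on this page.

```python
import re

# Terms that cost one DNS lookup each during SPF evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
LOOKUP_LIMIT = 10

def terms(record):
    """Split one SPF TXT value into its terms, without the version tag."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError(f"not an SPF record: {record!r}")
    return parts[1:]

def is_all(term):
    return term.lstrip("+-~?").lower() == "all"

def merge_spf(existing, addition):
    """Fold `addition` into `existing`, returning a single record.

    Duplicate terms are dropped and the existing record's `all` term is
    kept as the final policy (a choice made for this example).
    """
    merged, seen = [], set()
    for term in terms(existing) + terms(addition):
        if is_all(term) or term.lower() in seen:
            continue
        seen.add(term.lower())
        merged.append(term)
    final = [t for t in terms(existing) if is_all(t)][:1]
    return " ".join(["v=spf1"] + merged + final)

def count_lookups(record):
    """Count lookup-costing terms in this record only (nested includes not resolved)."""
    names = (re.match(r"[a-z0-9]+", t.lstrip("+-~?").lower()) for t in terms(record))
    return sum(1 for m in names if m and m.group(0) in LOOKUP_TERMS)

# Constructed sample records, not taken from any real zone.
EXISTING = "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"
ESP_RECORD = "v=spf1 include:emsd1.com ~all"

if __name__ == "__main__":
    merged = merge_spf(EXISTING, ESP_RECORD)
    print(merged, "| lookups:", count_lookups(merged), "of", LOOKUP_LIMIT)
```

The count covers only the terms in the record itself; lookups made inside each included record also count toward the limit and need live DNS to total.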
Email marketers often encounter confusing guidance from ESPs like ActiveCampaign regarding SPF setup. While ActiveCampaign aims to simplify authentication by managing the SPF for their own sending domains, marketers frequently debate the necessity and benefits of also adding their own SPF records. The consensus generally points towards a robust DKIM setup as the primary means of authentication for ActiveCampaign users, particularly for DMARC alignment. Marketers also acknowledge that explicitly adding the ESP's SPF record to one's own domain can sometimes be a proactive measure, even if it is not strictly required for the default sending path.
Key opinions
Confusion around SPF management: Many marketers find ESP statements like "we manage SPF for you" misleading, as it doesn't clearly explain the technical implications for their own domain's authentication.
DKIM's primary role: There's a strong belief that having a custom DKIM setup is sufficient for domain authentication and DMARC passing when an ESP handles the SPF (Return-Path) via its own domain.
Proactive SPF addition: Some marketers add the ESP's SPF record to their own domain's DNS out of caution, even if the ESP states it's not strictly necessary, to prevent potential DMARC failures, especially if certain authentication settings are enabled.
Importance of full alignment: While not always tangibly different in deliverability, some marketers prefer full domain alignment (including SPF and tracking URLs) for better clarity and less confusion for spam filters.
Key considerations
Default vs. custom authentication: ActiveCampaign's default setup is designed to ensure deliverability, but marketers often seek greater control and alignment through custom DKIM and, where possible, SPF. For a deeper dive into deliverability issues, read our article, Why Your Emails Are Going to Spam.
Understanding DMARC requirements: Marketers must understand that DMARC only requires *one* of SPF or DKIM to align. If ActiveCampaign manages the SPF for the Return-Path domain, custom DKIM for the 'From' domain is critical for DMARC. Learn more about how DMARC improves deliverability.
Monitoring authentication status: Regardless of ESP claims, regularly monitoring your email authentication status, including SPF, DKIM, and DMARC, is essential for maintaining strong sender reputation and avoiding blocklists (blacklists).
Avoiding unnecessary complexity: While some ESPs might recommend unnecessary SPF includes for DKIM, it's generally best to stick to the minimal necessary setup to avoid DNS lookup limits and potential issues. For example, some ESPs provide misleading advice that results in SPF DNS timeouts.
Marketer view
An email marketer from Email Geeks finds that statements from ESPs like ActiveCampaign regarding SPF management can be misleading. This marketer often adds the ActiveCampaign SPF record (emsd1.com) for clients as a precaution, observing DMARC failures when the "I'll handle authentication myself" option is selected without the SPF record being explicitly listed.
28 Mar 2023 - Email Geeks
Marketer view
An email marketer from DmarcDkim.com suggests that if you already have an SPF record, it's beneficial to use an SPF Merger tool to combine it with ActiveCampaign's SPF record to ensure both function correctly without conflicts. This is a common practice to support multiple sending services.
29 Mar 2024 - DmarcDkim.com
What the experts say
Experts in email deliverability clarify that when an ESP like ActiveCampaign claims to 'manage SPF', it primarily refers to the SPF record for the 'Return-Path' domain, which is typically owned by the ESP itself. This means your domain's SPF record often does not directly authenticate emails sent through their default setup. The true value for your brand's domain reputation and DMARC compliance lies in configuring custom DKIM, which provides the necessary alignment with your 'From' header domain. While full domain alignment is ideal, experts agree that DKIM alignment alone is sufficient for DMARC to pass, and there's often no tangible deliverability difference between the two approaches for standard email sending.
Key opinions
SPF scope: Experts emphasize that an SPF record only applies to the rfc5321.MAIL FROM domain. If ActiveCampaign uses its own domain for this, your domain's SPF record is not directly checked.
DMARC flexibility: DMARC only requires SPF *or* DKIM alignment. If DKIM is properly set up and aligns with your 'From' domain, DMARC will pass regardless of the SPF (Return-Path) domain.
Misleading terminology: The phrase "managing SPF" by ESPs can be confusing. It implies they handle the technical aspects of SPF for the sending domain they control, not necessarily for your 'From' domain in a way that provides SPF alignment.
No tangible difference: While full domain alignment (including SPF and tracking domains) is often seen as ideal for clarity, experts generally agree there's no noticeable deliverability difference when the MAIL FROM domain is different from the 'From' domain, as long as DKIM aligns.
Key considerations
Focus on DKIM: For most ActiveCampaign users, prioritizing custom DKIM setup for their 'From' domain is the most effective way to achieve DMARC compliance and improve deliverability, even without SPF alignment. This also helps when Google Postmaster Tools reports SPF failures.
Enterprise vs. standard features: Recognize that 'custom Return-Path setup' (which enables SPF alignment for your domain) is often an expensive enterprise-level feature, and may not be worth the cost if DKIM already provides DMARC authentication.
Domain reputation: Strong authentication, via DKIM and DMARC, is crucial for building and maintaining a positive domain reputation with mailbox providers. This impacts whether your emails land in the inbox or are flagged as spam or blocklisted (blacklisted).
Avoiding unnecessary SPF records: Unless a specific need for SPF alignment is identified or an ESP explicitly requires it for a custom setup, adding an SPF record for an ESP's own domain to your 'From' domain's DNS is often redundant and can lead to issues like DNS lookup limits. This is also why some ESPs recommend SPF records even when not needed.
Expert view
An expert from Email Geeks clarifies that an SPF record is only relevant if your domain is used in the rfc5321.MAIL FROM address. They suggest that when ActiveCampaign says they 'manage SPF,' it likely means they use their own domain for the MAIL FROM to handle bounces.
28 Mar 2023 - Email Geeks
Expert view
An expert from Word to the Wise explains that SPF validates the sender based on the 'envelope from' address (Return-Path), not the 'From' header seen by recipients. This distinction is key to understanding why an ESP's SPF record may suffice.
20 May 2024 - Word to the Wise
What the documentation says
Official documentation from email service providers and industry standards bodies outlines how SPF, DKIM, and DMARC interact to authenticate email. ActiveCampaign's documentation, for instance, clarifies its approach to SPF by focusing on the `Return-Path` domain. This highlights a common model where ESPs take responsibility for SPF for their own infrastructure, expecting senders to handle DKIM and DMARC alignment for their 'From' domains. Understanding these technical nuances is crucial for comprehensive email deliverability, especially concerning DMARC policies.
Key findings
SPF and Return-Path: Documentation confirms that SPF authentication checks the domain specified in the `Return-Path` (also known as `MAIL FROM` or envelope sender) address. When an ESP manages SPF, it is typically for this domain, which often belongs to the ESP itself.
DMARC and alignment: DMARC requires either SPF alignment (where the `Return-Path` domain aligns with the `From` domain) or DKIM alignment (where the DKIM `d=` tag domain aligns with the `From` domain). ESPs commonly provide custom DKIM to achieve DMARC alignment.
Domain authentication options: ESPs like ActiveCampaign offer methods for senders to authenticate their own domains, primarily through DKIM setup. This gives senders control over their 'From' domain's reputation.
SPF as a secondary layer: While SPF is fundamental, its role in authenticating your 'From' domain via an ESP's default setup is often indirect, as the primary authentication for DMARC typically falls on DKIM when the Return-Path is ESP-managed. To fully understand SPF's role, review ActiveCampaign's help documentation on domains.
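The alignment rule described above, as an added example (not code from ActiveCampaign or from this page): it reads the SPF and DKIM results out of an Authentication-Results header and reports which of them both passed and aligned with the 'From' domain. The headers and the domains `brand.example` and `esp.example` are constructed, and the organizational-domain rule is a simplification noted in the code.

```python
import re

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real DMARC
    # evaluators consult the Public Suffix List (needed for e.g. .co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    """Strict alignment needs an exact match; relaxed compares org domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_eval(from_domain, auth_results, aspf="r", adkim="r"):
    """Report which mechanisms passed AND aligned with the From domain."""
    spf = re.search(
        r"\bspf=(\w+)[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", auth_results)
    dkims = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([^\s;]+)", auth_results)
    spf_ok = (bool(spf) and spf.group(1) == "pass"
              and aligned(spf.group(2), from_domain, aspf == "s"))
    dkim_ok = any(result == "pass" and aligned(d, from_domain, adkim == "s")
                  for result, d in dkims)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok}

# Constructed Authentication-Results values for mail with From: @brand.example.
# ESP-owned Return-Path and ESP-owned DKIM signature: both pass, neither aligns.
ESP_ONLY = ("mx.receiver.example; spf=pass smtp.mailfrom=bounce@esp.example; "
            "dkim=pass header.d=esp.example")
# ESP-owned Return-Path plus custom DKIM signed as the From domain.
CUSTOM_DKIM = ("mx.receiver.example; spf=pass smtp.mailfrom=bounce@esp.example; "
               "dkim=pass header.d=brand.example")
# Custom Return-Path on a subdomain of the From domain, with DKIM failing.
CUSTOM_RETURN_PATH = ("mx.receiver.example; spf=pass "
                      "smtp.mailfrom=bounces.brand.example; "
                      "dkim=fail header.d=brand.example")

if __name__ == "__main__":
    for name, header in [("esp only", ESP_ONLY), ("custom dkim", CUSTOM_DKIM),
                         ("custom return-path", CUSTOM_RETURN_PATH)]:
        print(name, dmarc_eval("brand.example", header))
```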
Key considerations
Adhering to RFCs: Email authentication standards like SPF, DKIM, and DMARC are defined by RFCs. ESPs design their systems to comply with these, ensuring that emails are verifiable even when the 'From' domain differs from the 'Return-Path' domain. Our guide on RFC 5322 provides more detail.
Understanding default behaviors: Documentation often clarifies that ESPs handle bounces and SPF via their own domains by default. This setup ensures basic deliverability without requiring extensive DNS configuration from the user.
Implications for DMARC: The primary reason for a sender to configure their own SPF record with an ESP's information (or to seek SPF alignment) is usually to satisfy DMARC requirements when DKIM alignment is not an option or as an additional layer of authentication. However, DKIM alignment is typically sufficient.
Updates and changes: Documentation may be updated to reflect changes in how ESPs handle authentication, such as ActiveCampaign's update regarding the removal of unnecessary SPF record presentations. Staying informed through official channels is important.
Technical article
ActiveCampaign's help documentation clarifies that the SPF record presented on their advanced settings page was removed because it was unnecessary for completing authentication with ActiveCampaign. This update indicates a streamlining of their authentication process.
24 Aug 2023 - ActiveCampaign Help Center
Technical article
ActiveCampaign's documentation states that when a mailbox provider like Gmail receives a message, it checks the Return Path domain for an SPF record. When you set up a sending domain with them, they handle this Return Path to ensure deliverability.