What is the value of setting up an SPF record when ActiveCampaign already manages it?
Michael Ko
Co-founder & CEO, Suped
Published 14 Jun 2025
Updated 19 Aug 2025
7 min read
Many email service providers (ESPs), including ActiveCampaign, state that they manage SPF for you. This can be confusing. My clients often ask, "If ActiveCampaign handles SPF, do I still need to set up my own SPF record?" The short answer is yes, there's significant value in doing so, primarily for email authentication and overall deliverability, especially when you consider DMARC. Understanding the nuances of how SPF works, particularly with different domains involved in email sending, is key to ensuring your messages reach the inbox reliably.
The confusion arises because ActiveCampaign (and other ESPs) typically manage the SPF record for the RFC 5321 MAIL FROM address, also known as the Return-Path or Envelope From. This is the address where bounces and other non-delivery reports are sent. By default, ActiveCampaign uses its own domain for this, which means the SPF check for that domain will pass.
However, the email address your recipients actually see in their inbox is the RFC 5322 From header, which uses your domain. For full email authentication, particularly with DMARC, it's crucial for these two domains (RFC 5321 MAIL FROM and RFC 5322 From) to align, or for the DKIM domain to align with the RFC 5322 From domain. This is often referred to as domain alignment.
Therefore, while ActiveCampaign ensures SPF passes for their own bounce-processing domain, setting up your own SPF record is essential if you want your From address domain to also pass SPF and align properly for robust email security and deliverability.
When ActiveCampaign says they manage SPF for you, it means they handle the SPF record for the domain used in the MAIL FROM address. This is often a subdomain owned by ActiveCampaign, like bounce.activecampaign.com, which they configure to include their sending IP addresses. This ensures that the SPF check for their domain passes, allowing them to manage bounces and maintain their sending reputation.
However, this default setup doesn't provide SPF alignment for your domain, which is used in the From header. When the MAIL FROM domain and the From domain are different, SPF alone cannot provide the necessary authentication for your brand's domain. This is where the concept of DMARC and its alignment requirements become critical.
The two types of domains in email
RFC 5321 MAIL FROM (Return-Path): This is the technical sender address used by mail servers to handle automated replies and bounces. ActiveCampaign manages this domain and its SPF record by default, often using a domain like emsd1.com or similar.
RFC 5322 From (Header From): This is the friendly From address that appears to your recipients. This is your domain, and its authentication is vital for your brand's reputation and deliverability.
While ActiveCampaign's default SPF setup handles the Return-Path, it doesn't directly authenticate your From domain via SPF. For robust authentication, you need to ensure either SPF or DKIM alignment for your From domain, especially if you plan to implement DMARC.
Why SPF alignment matters for your domain
The primary reason to set up your own SPF record, even if ActiveCampaign manages it, is for domain alignment. Domain alignment is a core principle of DMARC, a crucial email authentication protocol. DMARC requires that either your SPF or DKIM record aligns with your From domain. If ActiveCampaign uses its own Return-Path domain, your SPF won't align with your From domain, meaning DMARC will rely solely on DKIM for authentication.
Having both SPF and DKIM aligned and passing greatly strengthens your email authentication posture. This dual authentication sends a stronger signal to mailbox providers like Gmail and Outlook.com that your emails are legitimate, making them less likely to be flagged as spam or phishing. It significantly improves your overall email deliverability and sender reputation.
Even if your DMARC policy is set to p=none and you're not actively enforcing DMARC, aligning SPF with your From domain still provides significant benefits. It adds another layer of verification that your domain is authorized to send emails, further reducing the chances of your emails being treated as spam or falling prey to spoofing attacks. The goal is always to maximize your chances of getting into the inbox, and comprehensive authentication is a key part of that.
SPF alignment
ActiveCampaign's default setup uses their domain in the MAIL FROM, leading to a non-aligned SPF. This means DMARC relies solely on DKIM for authentication, potentially weakening your overall email security posture for your main domain.
Brand visibility & trust
When SPF and DKIM are both aligned to your domain, it provides a consistent brand identity across all technical email headers. This strengthens recipient trust and reduces the likelihood of emails being flagged as suspicious by receiving mail servers.
When to set up your own SPF record
To achieve SPF alignment for your From address domain with ActiveCampaign, you generally need to enable a feature within ActiveCampaign that allows you to manage your own email authentication. This typically involves updating your DNS records to include ActiveCampaign's SPF mechanism within your domain's SPF record. ActiveCampaign refers to this as setting up a custom return-path or email authentication. You can read more about setting up your sending domain with ActiveCampaign.
Be mindful of the 10 DNS lookup limit for SPF records. If you use multiple email sending services, you'll need to merge them into a single SPF record to avoid issues. Incorrectly configured SPF records can lead to deliverability problems, where legitimate emails might fail SPF checks and end up in spam folders or be rejected entirely.
A typical SPF record for a domain using ActiveCampaign for its custom return path might look like this:
Example SPF RecordDNS
v=spf1 include:activecampaign.com ~all
However, ActiveCampaign sometimes uses a different subdomain for the return path like emsd1.com, in which case your record might look like this:
Always align your SPF record with your 'From' domain for better brand trust.
Combine SPF, DKIM, and DMARC for a stronger email authentication posture.
Ensure your SPF record includes all authorized sending IP addresses to prevent failures.
Verify your SPF record after any changes to confirm correct configuration.
Common pitfalls
Relying solely on an ESP's SPF management without checking your own domain alignment.
Exceeding the 10 DNS lookup limit in your SPF record, leading to validation errors.
Not configuring SPF and DKIM before setting up DMARC, which can cause deliverability issues.
Assuming DMARC will pass based on a non-aligned SPF record without DKIM alignment.
Expert tips
If your ESP handles the Return-Path with their domain, focusing on DKIM alignment for your From domain can be sufficient for DMARC.
While separate domains for MAIL FROM and From work, full domain alignment (including tracking URLs) can be clearer for spam filters.
Always check with your ESP for the specific SPF includes required for custom authentication setups.
Remember that the SPF record only applies to the RFC5321.MAIL FROM domain, not necessarily your visible From address.
Expert view
Expert from Email Geeks says that setting up an SPF record will only affect the RFC5321.MAIL FROM domain. ActiveCampaign likely uses its own domain for the MAIL FROM, and that domain has a proper MX record for bounce processing. Therefore, their SPF will pass, but it won't necessarily align with your RFC5322.From domain.
2023-03-28 - Email Geeks
Expert view
Expert from Email Geeks notes that if you want full alignment across RFC5322.From, DKIM d=, and RFC5321.MAIL FROM domains, ActiveCampaign might not offer that option by default. However, having a DKIM signature with the same domain as the From field is often enough for DMARC alignment, even if SPF is not aligned.
2023-03-28 - Email Geeks
Maximizing your email authentication
While ActiveCampaign handles SPF for its own internal bounce-processing domain, the true value of setting up your own SPF record lies in achieving SPF alignment for your primary From domain. This alignment is critical for robust DMARC implementation and significantly boosts your email deliverability and sender reputation.
Relying solely on an ESP's default SPF management can leave your domain vulnerable to spoofing and phishing attempts, even if your emails technically pass SPF. For optimal results, actively manage your domain's SPF and DKIM records to ensure they align with your From domain, especially if you're working towards a strong DMARC policy.
By taking control of your SPF record and ensuring proper alignment, you are building a more secure and reputable email sending infrastructure, leading to better inbox placement and increased trust from mailbox providers and recipients alike. Always combine SPF with DKIM and DMARC for the most comprehensive email authentication strategy.
Gmail and 
Outlook.com that your emails are legitimate, making them less likely to be flagged as spam or phishing. It significantly improves your overall email deliverability and sender reputation.
