Summary
Pardot and ExactTarget, now known as Salesforce Marketing Cloud, are both integral components of the Salesforce ecosystem, serving distinct yet complementary email marketing functions. Organizations often utilize Pardot for B2B marketing automation and lead nurturing, while Marketing Cloud handles broader B2C campaigns, high-volume sends, or transactional emails. Because all these services send emails on behalf of the same brand domain, their respective sending infrastructures must be explicitly authorized within a single SPF (Sender Policy Framework) record. This inclusion, typically through 'include' mechanisms like '_spf.pardot.com' and '_spf.mktomail.com' or a consolidated '_spf.salesforce.com', is essential for proper email authentication. It ensures that emails originating from either platform pass validation checks, thereby preventing them from being flagged as spoofed, marked as spam, or leading to increased bounce rates, ultimately safeguarding sender reputation and deliverability.
Key findings
- Salesforce Ownership: Pardot and ExactTarget (now Marketing Cloud) are both owned by Salesforce and are often used by organizations within the broader Salesforce ecosystem.
- Diverse Use Cases: Companies frequently use Pardot for B2B lead nurturing and marketing automation, while leveraging Marketing Cloud for broader B2C campaigns, high-volume transactional sends, or mass email outreach.
- Single SPF Record: Email authentication protocols, including SPF, require a single, comprehensive SPF record per domain to list all authorized sending sources.
- Ensured Authentication: Including specific SPF mechanisms for both platforms, such as 'include:_spf.pardot.com' and 'include:_spf.mktomail.com', within the domain's SPF record is crucial for proper email authentication and to prevent legitimate emails from being flagged as spam or spoofed.
- Consolidated Infrastructure: The consolidation under Salesforce often means their email sending infrastructure is unified under a mechanism like 'include:_spf.salesforce.com', which covers various IP ranges used by Salesforce services, ensuring validation within the same SPF record.
Key considerations
- Verify Before Removal: Never remove SPF records without first verifying with your marketing partner or IT team to avoid disrupting email deliverability.
- DNS Lookup Limit: Be mindful of the 10 DNS lookup limit for SPF records; while including both Pardot and Marketing Cloud typically fits, complex setups might require careful management.
- Comprehensive Inclusion: Ensure your single SPF record comprehensively lists all authorized email sending services, not just Salesforce products, to maintain a strong sender reputation.
- Impact on Reputation: Incomplete SPF records can severely damage sender reputation and lead to increased bounce rates or emails landing in spam folders.
What email marketers say
11 marketer opinions
The inclusion of both Pardot and ExactTarget (now Salesforce Marketing Cloud) within a single SPF record is a common and necessary practice for organizations utilizing these distinct, Salesforce-owned email platforms. Companies often leverage Pardot for B2B marketing automation and lead nurturing, while Marketing Cloud manages broader B2C campaigns, high-volume transactional emails, or mass outreach. Since both platforms send emails on behalf of the same domain, their respective sending infrastructures must be explicitly authorized in the domain's SPF record. This comprehensive listing ensures that all emails originating from either service pass authentication checks, which is critical for maintaining sender reputation and preventing legitimate messages from being flagged as spam or rejected.
Key opinions
- Salesforce Ecosystem: Pardot and ExactTarget (now Marketing Cloud) are both components of the broader Salesforce ecosystem, frequently used in tandem by organizations for various email marketing needs.
- Distinct Functions: Companies often employ Pardot for B2B lead nurturing and marketing automation, while utilizing Marketing Cloud for B2C campaigns, high-volume sends, or transactional emails.
- Single Domain Authentication: Despite their different functions, both services send emails on behalf of the same brand domain, requiring their explicit inclusion within a single, consolidated SPF record for proper authentication.
- Ensured Deliverability: Including both services' SPF mechanisms is crucial to ensure emails pass authentication checks, preventing them from being marked as suspicious, sent to spam, or leading to delivery failures.
- Technical Necessity: The inclusion of both SPF 'include' mechanisms (e.g., '_spf.pardot.com' and '_spf.mktomail.com') validates all emails originating from these Salesforce products, safeguarding email deliverability and sender reputation.
Key considerations
- Verify Before Change: Always consult with your marketing partner or IT team before making any changes to SPF records to avoid unintended disruptions in email deliverability.
- DNS Lookup Limit: Organizations must be mindful of the 10 DNS lookup limit for SPF records; while including both Pardot and Marketing Cloud typically fits, more complex configurations might necessitate careful management.
- Complete Sender Authorization: The SPF record should comprehensively list all legitimate email sending services used by your domain, ensuring every platform is authorized to prevent deliverability issues.
- Reputation Impact: Incomplete or incorrect SPF records can negatively impact sender reputation, leading to increased bounce rates, emails being flagged as spam, or outright rejection by recipient servers.
Marketer view
Email marketer from Email Geeks explains that ExactTarget and Pardot were separate companies acquired by Salesforce, which perform different functions and do not always share sending IPs. He advises contacting the marketing partner for clarification and not to remove records without verification. He also corrects the typo in the original domain name, confirming exacttarget.com is active.
3 Jun 2023 - Email Geeks
Marketer view
Email marketer from Email Geeks shares that Pardot sends messages using Marketing Cloud IPs.
1 Nov 2023 - Email Geeks
What the experts say
1 expert opinions
The integration of Pardot and ExactTarget, now branded as Salesforce Marketing Cloud, into a single SPF record stems directly from their shared ownership by Salesforce. This commonality leads to a consolidated email sending infrastructure, often managed through a unified SPF mechanism like include:_spf.salesforce.com. This record is designed to cover the diverse IP ranges used by various Salesforce services, ensuring that emails sent from both Pardot and Salesforce Marketing Cloud are properly authenticated within the same SPF validation framework.
Key opinions
- Salesforce Commonality: Pardot and ExactTarget (now Salesforce Marketing Cloud) are both products under the Salesforce umbrella.
- Ownership-Driven Consolidation: Their shared ownership by Salesforce is the fundamental reason for consolidating their email sending infrastructure.
- Unified SPF Mechanism: This consolidation often results in a single, unified SPF mechanism, such as include:_spf.salesforce.com.
- Comprehensive IP Coverage: The _spf.salesforce.com record is designed to encompass the various IP ranges utilized by different Salesforce services.
- Single Record Validation: This unified approach allows emails from both Pardot and Salesforce Marketing Cloud to be validated efficiently within the same SPF record.
Key considerations
- Maintain Accurate SPF: Ensure your SPF record accurately reflects all authorized Salesforce sending services, avoiding omissions that could impact deliverability.
- DNS Lookup Management: Be mindful of the 10 DNS lookup limit for SPF records, as adding numerous includes can exceed this, requiring careful management.
- Verification of Changes: Always consult with your IT or email deliverability team before modifying SPF records to prevent unintentional service disruptions.
- Deliverability Impact: An incorrect or incomplete SPF record can significantly harm your sender reputation, increasing the likelihood of emails landing in spam folders or being rejected.
Expert view
Expert from Word to the Wise explains that Pardot and ExactTarget (now Salesforce Marketing Cloud) are both Salesforce products. Due to their common ownership by Salesforce, their email sending infrastructure is often consolidated under a unified SPF mechanism. This typically involves using an `include:_spf.salesforce.com` record, which covers the various IP ranges utilized by different Salesforce services, including those for both Pardot and Salesforce Marketing Cloud, allowing them to be validated within the same SPF record.
23 Sep 2024 - Word to the Wise
What the documentation says
5 technical articles
Organizations often leverage Salesforce's Pardot for B2B automation and Marketing Cloud for broader B2C campaigns. Despite their differing roles, both platforms send emails on behalf of the same brand domain. Therefore, it's critical that their specific sending mechanisms are explicitly authorized within a single, comprehensive SPF (Sender Policy Framework) record. This essential step ensures proper email authentication for all outbound messages, preventing legitimate emails from being flagged as spoofed or spam, which in turn safeguards sender reputation and deliverability.
Key findings
- Unified Authorization: A domain's SPF record must be singular and comprehensive, listing all authorized IP addresses or domains permitted to send email on its behalf.
- Dual Platform Use: Companies frequently use both Pardot (often for sales or B2B marketing) and Marketing Cloud (for broader marketing or B2C campaigns) to send emails under the same domain.
- Essential Authentication: Explicitly including SPF mechanisms, such as 'include:_spf.pardot.com' and 'include:_spf.mktomail.com', is essential for authenticating emails sent from both platforms.
- Deliverability Safeguard: This comprehensive inclusion prevents legitimate emails from being flagged as spoofed or spam, ensuring they reach their intended recipients and maintaining deliverability.
- DMARC Foundation: A correctly configured SPF record, encompassing all sending services, is foundational for DMARC policy enforcement and robust email validation.
Key considerations
- Holistic SPF Record: Your SPF record must holistically authorize all services that send email on behalf of your domain, ensuring no legitimate sender is omitted.
- DNS Lookup Limit: Be mindful of the SPF DNS lookup limit, typically 10; extensive 'include' statements can exceed this, potentially requiring optimization of your record.
- Deliverability Risk: Failing to include a legitimate sending service in your SPF record can lead to emails being rejected, flagged as spam, or negatively impacting your sender reputation.
- Expert Consultation: Always consult with your email deliverability or IT team before modifying SPF records to prevent unintended disruptions to your email flow.
Technical article
Documentation from Salesforce Help explains that when an organization uses both Pardot and Marketing Cloud, they must include specific SPF mechanisms for both platforms, such as 'include:_spf.pardot.com' and 'include:_spf.mktomail.com', within their domain's single SPF record to ensure email authentication for all outbound sends.
12 Apr 2022 - Salesforce Help
Technical article
Documentation from M3AAWG Best Practices explains that SPF records are designed to list all authorized IP addresses or domains permitted to send email on behalf of a specific domain. If a company uses different services, such as Pardot for sales and Marketing Cloud for marketing, both must be explicitly included in the domain's SPF record to prevent legitimate emails from being flagged as spoofed or spam.
6 Oct 2024 - Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
How do I set up an SPF record when using multiple email sending services?
How do I troubleshoot SPF validation errors in Pardot?
How do SPF records and DKIM keys work with multiple email services like Klaviyo and Shopify?
Should SPF records match the 'From:' address or the Return-Path domain when sending from Marketo?
Why are ESPs recommending incorrect SPF record configurations?
Why do some ESPs recommend SPF records when they are not needed?
