Against which domain is SPF checked?
Summary
What email marketers say10Marketer opinions
Email marketer from Mailhardener explains that SPF authenticates the Return-Path domain (also known as the envelope sender or MAIL FROM), which is used for handling bounces. It is different from the From: header, which is what recipients see.
Email marketer from Reddit user SynapticSymmetry explains that SPF checks the Return-Path domain, which is often different from the From: domain. The Return-Path is used for bounces and other machine-to-machine communication.
Email marketer from AuthSMTP responds that SPF checks the 'envelope from' address (Return-Path), which is where bounces are sent. This is different from the 'header from' address that recipients see.
Email marketer from EasyDMARC shares that SPF checks the domain in the Return-Path, which specifies where bounces should be sent. This is compared against the sending server's IP address.
Email marketer from GlockApps shares that SPF checks the domain used in the MAIL FROM address (Return-Path), which is not always the same as the domain displayed in the From: field.
Email marketer from SendLayer explains that SPF authenticates the 'MAIL FROM' domain, also known as the Return-Path or envelope sender, used for bounce messages.
Email marketer from Stack Overflow answers that SPF checks the Return-Path address to find out the relevant domain.
Email marketer from MXToolbox explains that SPF validates the domain in the 'envelope from' address (Return-Path), which is used for bounce messages.
Email marketer from SuperOffice explains that SPF verifies the 'MAIL FROM' domain (Return-Path). This domain is often different from the 'From:' header and is primarily used for handling bounces.
Marketer from Email Geeks shares that SPF just checks against the Return-Path domain and including third-party platforms' Return-Path domain in your own domain's SPF won't help.
What the experts say3Expert opinions
Expert from Email Geeks explains the SPF protocol specifies SPF checks against the 5321.from and, in the case of mail with a null sender, the HELO/EHLO value. She also references past discussions where Microsoft used SPF checks against the 5322.from, leading to recommendations for SPF in both.
Expert from Word to the Wise mentions that SPF authenticates the Return-Path, also known as the envelope sender or MAIL FROM. This is the address to which bounce messages are sent.
Expert from Spamresource.com explains that SPF checks are performed against the domain used in the MAIL FROM (Return-Path) address.
What the documentation says4Technical articles
Documentation from DMARC.org explains that SPF authenticates the domain used to send the message (the envelope from address, also known as the Return-Path).
Documentation from Microsoft Learn explains that SPF checks the domain used in the MAIL FROM address (also known as the envelope sender or Return-Path). This is the address where bounce messages are sent.
Documentation from RFC 7208 explains that SPF authentication occurs against the MAIL FROM identity, also known as the envelope sender or Return-Path. This address is used for error reporting.
Documentation from Google Workspace Admin Help explains that SPF checks the domain in the 'MAIL FROM' or 'Return-Path' address of the email, used for bounce handling. It also notes that for SPF to pass alignment for DMARC, the domain used in the SPF check must match the domain in the 'From:' header.