Suped

Summary

SPF (Sender Policy Framework) checks are conducted against the domain used in the MAIL FROM address, also known as the Return-Path or envelope sender. This address is primarily used for handling bounce messages and error reporting. The Return-Path domain may differ from the From: address displayed to recipients. In specific scenarios, particularly historically with Microsoft, SPF checks might have also involved the 5321.from or 5322.from domains, but current standards primarily focus on the Return-Path.

Key findings

  • Primary Domain: SPF primarily authenticates the MAIL FROM (Return-Path) domain.
  • Bounce Handling: The Return-Path is essential for managing email bounces and error notifications.
  • Domain Variation: The Return-Path domain is not always the same as the From: domain that recipients see.
  • Microsoft Exception: Historically, Microsoft systems may have checked other domains (5321/5322.from) but the standard is MAIL FROM now.

Key considerations

  • DMARC Alignment: For DMARC alignment, ensure the domain validated by SPF aligns with the domain in the From: header.
  • Third-Party SPF: Adding third-party platform's SPF records to your domain might not always be effective and could lead to SPF lookup limitations.

What email marketers say

10 marketer opinions

SPF checks are performed against the Return-Path domain (also known as the MAIL FROM or envelope sender address), which is primarily used for handling bounce messages. This domain is not always the same as the From: address that recipients see.

Key opinions

  • Return-Path: SPF authenticates the domain found in the Return-Path address.
  • Bounce Handling: The Return-Path domain is mainly used for managing bounce messages.
  • Domain Discrepancy: The Return-Path domain can differ from the From: address displayed to recipients.

Key considerations

  • Third-Party Platforms: Including third-party platform's Return-Path domains in your SPF record may not be effective.
  • DMARC Alignment: For DMARC to pass alignment, the domain used in the SPF check must align with the domain in the From: header.

Marketer view

Email marketer from Mailhardener explains that SPF authenticates the Return-Path domain (also known as the envelope sender or MAIL FROM), which is used for handling bounces. It is different from the From: header, which is what recipients see.

26 Oct 2024 - Mailhardener

Marketer view

Email marketer from Reddit user SynapticSymmetry explains that SPF checks the Return-Path domain, which is often different from the From: domain. The Return-Path is used for bounces and other machine-to-machine communication.

31 Dec 2022 - Reddit

What the experts say

3 expert opinions

SPF checks are primarily conducted against the domain used in the MAIL FROM (Return-Path) address, which is used for handling bounce messages. The SPF protocol also specifies checks against the 5321.from, and in cases with a null sender, the HELO/EHLO value. Older practices recommended SPF records in both 5321.from and 5322.from due to Microsoft's past checks against the 5322.from.

Key opinions

  • MAIL FROM (Return-Path): SPF is primarily checked against the MAIL FROM or Return-Path domain.
  • 5321.from and HELO/EHLO: The SPF protocol specifies checks against the 5321.from and HELO/EHLO values when there is a null sender.
  • Historical Context: Older recommendations included adding SPF records to both 5321.from and 5322.from due to Microsoft's past checks against the 5322.from.

Key considerations

  • Bounce Handling: The Return-Path domain is crucial as it's used for bounce messages.
  • Microsoft Delivery: Publishing in 5322.from is generally not recommended unless there's a specific delivery issue with Microsoft that needs to be resolved.

Expert view

Expert from Email Geeks explains the SPF protocol specifies SPF checks against the 5321.from and, in the case of mail with a null sender, the HELO/EHLO value. She also references past discussions where Microsoft used SPF checks against the 5322.from, leading to recommendations for SPF in both.

27 Mar 2025 - Email Geeks

Expert view

Expert from Word to the Wise mentions that SPF authenticates the Return-Path, also known as the envelope sender or MAIL FROM. This is the address to which bounce messages are sent.

1 Aug 2022 - Word to the Wise

What the documentation says

4 technical articles

SPF checks are performed against the domain present in the MAIL FROM address, also known as the Return-Path or envelope sender. This address is primarily used for handling bounced emails and error reporting. For DMARC alignment, it is important that the domain used for the SPF check matches the domain in the From: header.

Key findings

  • MAIL FROM/Return-Path: SPF authenticates the domain found in the MAIL FROM (Return-Path) address.
  • Bounce Handling: The MAIL FROM/Return-Path address is used for sending bounce messages.
  • Error Reporting: The Return-Path is also used for error reporting during email delivery.

Key considerations

  • DMARC Alignment: To achieve DMARC alignment, ensure the SPF-checked domain aligns with the domain in the From: header.

Technical article

Documentation from DMARC.org explains that SPF authenticates the domain used to send the message (the envelope from address, also known as the Return-Path).

12 Oct 2021 - DMARC.org

Technical article

Documentation from Microsoft Learn explains that SPF checks the domain used in the MAIL FROM address (also known as the envelope sender or Return-Path). This is the address where bounce messages are sent.

16 Oct 2021 - Microsoft Learn

Start improving your email deliverability today

Get a demo