SPF (Sender Policy Framework) checks are conducted against the domain used in the MAIL FROM address, also known as the Return-Path or envelope sender. This address is primarily used for handling bounce messages and error reporting. The Return-Path domain may differ from the From: address displayed to recipients. In specific scenarios, particularly historically with Microsoft, SPF checks might have also involved the 5321.from or 5322.from domains, but current standards primarily focus on the Return-Path.
10 marketer opinions
SPF checks are performed against the Return-Path domain (also known as the MAIL FROM or envelope sender address), which is primarily used for handling bounce messages. This domain is not always the same as the From: address that recipients see.
Marketer view
Email marketer from Mailhardener explains that SPF authenticates the Return-Path domain (also known as the envelope sender or MAIL FROM), which is used for handling bounces. It is different from the From: header, which is what recipients see.
26 Oct 2024 - Mailhardener
Marketer view
Email marketer from Reddit user SynapticSymmetry explains that SPF checks the Return-Path domain, which is often different from the From: domain. The Return-Path is used for bounces and other machine-to-machine communication.
31 Dec 2022 - Reddit
3 expert opinions
SPF checks are primarily conducted against the domain used in the MAIL FROM (Return-Path) address, which is used for handling bounce messages. The SPF protocol also specifies checks against the 5321.from, and in cases with a null sender, the HELO/EHLO value. Older practices recommended SPF records in both 5321.from and 5322.from due to Microsoft's past checks against the 5322.from.
Expert view
Expert from Email Geeks explains the SPF protocol specifies SPF checks against the 5321.from and, in the case of mail with a null sender, the HELO/EHLO value. She also references past discussions where Microsoft used SPF checks against the 5322.from, leading to recommendations for SPF in both.
27 Mar 2025 - Email Geeks
Expert view
Expert from Word to the Wise mentions that SPF authenticates the Return-Path, also known as the envelope sender or MAIL FROM. This is the address to which bounce messages are sent.
1 Aug 2022 - Word to the Wise
4 technical articles
SPF checks are performed against the domain present in the MAIL FROM address, also known as the Return-Path or envelope sender. This address is primarily used for handling bounced emails and error reporting. For DMARC alignment, it is important that the domain used for the SPF check matches the domain in the From: header.
Technical article
Documentation from DMARC.org explains that SPF authenticates the domain used to send the message (the envelope from address, also known as the Return-Path).
12 Oct 2021 - DMARC.org
Technical article
Documentation from Microsoft Learn explains that SPF checks the domain used in the MAIL FROM address (also known as the envelope sender or Return-Path). This is the address where bounce messages are sent.
16 Oct 2021 - Microsoft Learn
How do SPF, DKIM, and DMARC email authentication standards work?
How can I improve SPF alignment and email deliverability when using Hubspot?
Are SPF, DKIM, and DMARC as important in B2B as in B2C email marketing?
How do SPF, DKIM, and DMARC affect email deliverability with Cvent?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
Does unaligned SPF affect Gmail performance and domain reputation?
How do SPF records and DKIM keys work with multiple email services like Klaviyo and Shopify?
Do SPF and DKIM records need to be aligned for all email service providers?
What are SPF, DKIM, and DMARC, and when are they needed?