Against which domain is SPF checked?

Summary

SPF (Sender Policy Framework) checks are conducted against the domain used in the MAIL FROM address, also known as the Return-Path or envelope sender. This address is primarily used for handling bounce messages and error reporting. The Return-Path domain may differ from the From: address displayed to recipients. In specific scenarios, particularly historically with Microsoft, SPF checks might have also involved the 5321.from or 5322.from domains, but current standards primarily focus on the Return-Path.

Key findings

  • Primary Domain: SPF primarily authenticates the MAIL FROM (Return-Path) domain.
  • Bounce Handling: The Return-Path is essential for managing email bounces and error notifications.
  • Domain Variation: The Return-Path domain is not always the same as the From: domain that recipients see.
  • Microsoft Exception: Historically, Microsoft systems may have checked other domains (5321/5322.from) but the standard is MAIL FROM now.

Key considerations

  • DMARC Alignment: For DMARC alignment, ensure the domain validated by SPF aligns with the domain in the From: header.
  • Third-Party SPF: Adding third-party platform's SPF records to your domain might not always be effective and could lead to SPF lookup limitations.

What email marketers say
10Marketer opinions

SPF checks are performed against the Return-Path domain (also known as the MAIL FROM or envelope sender address), which is primarily used for handling bounce messages. This domain is not always the same as the From: address that recipients see.

Key opinions

  • Return-Path: SPF authenticates the domain found in the Return-Path address.
  • Bounce Handling: The Return-Path domain is mainly used for managing bounce messages.
  • Domain Discrepancy: The Return-Path domain can differ from the From: address displayed to recipients.

Key considerations

  • Third-Party Platforms: Including third-party platform's Return-Path domains in your SPF record may not be effective.
  • DMARC Alignment: For DMARC to pass alignment, the domain used in the SPF check must align with the domain in the From: header.
Marketer view

Email marketer from Mailhardener explains that SPF authenticates the Return-Path domain (also known as the envelope sender or MAIL FROM), which is used for handling bounces. It is different from the From: header, which is what recipients see.

January 2024 - Mailhardener
Marketer view

Email marketer from Reddit user SynapticSymmetry explains that SPF checks the Return-Path domain, which is often different from the From: domain. The Return-Path is used for bounces and other machine-to-machine communication.

October 2023 - Reddit
Marketer view

Email marketer from AuthSMTP responds that SPF checks the 'envelope from' address (Return-Path), which is where bounces are sent. This is different from the 'header from' address that recipients see.

October 2021 - AuthSMTP
Marketer view

Email marketer from EasyDMARC shares that SPF checks the domain in the Return-Path, which specifies where bounces should be sent. This is compared against the sending server's IP address.

January 2023 - EasyDMARC
Marketer view

Email marketer from GlockApps shares that SPF checks the domain used in the MAIL FROM address (Return-Path), which is not always the same as the domain displayed in the From: field.

July 2021 - GlockApps
Marketer view

Email marketer from SendLayer explains that SPF authenticates the 'MAIL FROM' domain, also known as the Return-Path or envelope sender, used for bounce messages.

December 2024 - SendLayer
Marketer view

Email marketer from Stack Overflow answers that SPF checks the Return-Path address to find out the relevant domain.

August 2021 - Stack Overflow
Marketer view

Email marketer from MXToolbox explains that SPF validates the domain in the 'envelope from' address (Return-Path), which is used for bounce messages.

January 2022 - MXToolbox
Marketer view

Email marketer from SuperOffice explains that SPF verifies the 'MAIL FROM' domain (Return-Path). This domain is often different from the 'From:' header and is primarily used for handling bounces.

December 2021 - SuperOffice
Marketer view

Marketer from Email Geeks shares that SPF just checks against the Return-Path domain and including third-party platforms' Return-Path domain in your own domain's SPF won't help.

October 2021 - Email Geeks

What the experts say
3Expert opinions

SPF checks are primarily conducted against the domain used in the MAIL FROM (Return-Path) address, which is used for handling bounce messages. The SPF protocol also specifies checks against the 5321.from, and in cases with a null sender, the HELO/EHLO value. Older practices recommended SPF records in both 5321.from and 5322.from due to Microsoft's past checks against the 5322.from.

Key opinions

  • MAIL FROM (Return-Path): SPF is primarily checked against the MAIL FROM or Return-Path domain.
  • 5321.from and HELO/EHLO: The SPF protocol specifies checks against the 5321.from and HELO/EHLO values when there is a null sender.
  • Historical Context: Older recommendations included adding SPF records to both 5321.from and 5322.from due to Microsoft's past checks against the 5322.from.

Key considerations

  • Bounce Handling: The Return-Path domain is crucial as it's used for bounce messages.
  • Microsoft Delivery: Publishing in 5322.from is generally not recommended unless there's a specific delivery issue with Microsoft that needs to be resolved.
Expert view

Expert from Email Geeks explains the SPF protocol specifies SPF checks against the 5321.from and, in the case of mail with a null sender, the HELO/EHLO value. She also references past discussions where Microsoft used SPF checks against the 5322.from, leading to recommendations for SPF in both.

February 2023 - Email Geeks
Expert view

Expert from Word to the Wise mentions that SPF authenticates the Return-Path, also known as the envelope sender or MAIL FROM. This is the address to which bounce messages are sent.

March 2025 - Word to the Wise
Expert view

Expert from Spamresource.com explains that SPF checks are performed against the domain used in the MAIL FROM (Return-Path) address.

October 2021 - Spamresource.com

What the documentation says
4Technical articles

SPF checks are performed against the domain present in the MAIL FROM address, also known as the Return-Path or envelope sender. This address is primarily used for handling bounced emails and error reporting. For DMARC alignment, it is important that the domain used for the SPF check matches the domain in the From: header.

Key findings

  • MAIL FROM/Return-Path: SPF authenticates the domain found in the MAIL FROM (Return-Path) address.
  • Bounce Handling: The MAIL FROM/Return-Path address is used for sending bounce messages.
  • Error Reporting: The Return-Path is also used for error reporting during email delivery.

Key considerations

  • DMARC Alignment: To achieve DMARC alignment, ensure the SPF-checked domain aligns with the domain in the From: header.
Technical article

Documentation from DMARC.org explains that SPF authenticates the domain used to send the message (the envelope from address, also known as the Return-Path).

June 2024 - DMARC.org
Technical article

Documentation from Microsoft Learn explains that SPF checks the domain used in the MAIL FROM address (also known as the envelope sender or Return-Path). This is the address where bounce messages are sent.

September 2023 - Microsoft Learn
Technical article

Documentation from RFC 7208 explains that SPF authentication occurs against the MAIL FROM identity, also known as the envelope sender or Return-Path. This address is used for error reporting.

September 2021 - RFC Editor
Technical article

Documentation from Google Workspace Admin Help explains that SPF checks the domain in the 'MAIL FROM' or 'Return-Path' address of the email, used for bounce handling. It also notes that for SPF to pass alignment for DMARC, the domain used in the SPF check must match the domain in the 'From:' header.

December 2023 - Google Workspace Admin Help