Do SPF and DKIM records need to be aligned for all email service providers?

Summary

The compiled responses from various sources, including email marketers, experts, and documentation from Google, Microsoft, DMARC.org, and AuthSMTP, emphasize the importance of proper SPF and DKIM configuration, particularly when using multiple ESPs. While one Email Geeks source mentioned Google's guidelines stating only one of SPF or DKIM needs alignment, there's a strong recommendation for DKIM alignment. This involves configuring DNS records to include DKIM signatures matching the sending domain for each ESP, ensuring the 'd=' domain aligns with the 'From:' domain. Having each ESP set up separately with its own authentication (especially DKIM with unique keys) is crucial. Proper configuration is vital for DMARC compliance, verifying email authenticity, and preventing emails from being flagged as spam.

Key findings

  • DKIM Priority: DKIM alignment is generally prioritized, ensuring email authenticity.
  • Separate Configuration: Each ESP requires separate SPF and DKIM configurations.
  • Unique Keys: Each ESP should be configured with DKIM using its own unique key.
  • Alignment Verification: The 'd=' domain in the DKIM signature should align with the sending domain for each ESP.
  • DMARC Compliance: SPF alignment is necessary for DMARC to pass SPF checks, and DKIM alignment is crucial for DMARC to pass DKIM checks.

Key considerations

  • Deliverability Impact: Proper SPF and DKIM configuration significantly impacts email deliverability.
  • Spam Prevention: Correct authentication prevents emails from being flagged as spam.
  • Configuration Complexity: Setting up SPF and DKIM for multiple ESPs requires meticulous DNS record management.
  • Domain Reputation: Failure to configure SPF and DKIM properly can negatively affect domain reputation.
  • Authentication Standards: Establishing authentication standards like SPF, DKIM, and DMARC is vital.

What email marketers say
6Marketer opinions

The consensus among email marketers from various platforms like Mailchimp, SendGrid, Postmark, Stack Overflow, Reddit, and ExpertSender is that SPF and DKIM records must be properly configured and aligned for each email service provider (ESP) used. This involves creating separate SPF and DKIM records for each ESP and ensuring that the sending domain aligns with the domain in the 'From:' address and the DKIM signature.

Key opinions

  • Separate Authentication: Each ESP requires its own separate SPF and DKIM setup.
  • DKIM Alignment: The 'd=' domain in the DKIM signature must align with your sending domain for each ESP.
  • SPF Configuration: SPF records should include statements for each ESP being used.
  • Domain-Specific Records: If sending from multiple domains, each domain requires its own SPF and DKIM records.
  • DMARC Alignment: DMARC alignment with DKIM ensures the domain used to sign the email matches the From header.

Key considerations

  • Deliverability: Proper SPF and DKIM alignment is crucial for optimal email deliverability.
  • Domain Verification: Verify that the sending domain aligns with the 'From:' address for each ESP.
  • Spam Prevention: Correct authentication prevents emails from being flagged as spam.
  • Configuration: Configure DNS records to include DKIM signatures that match your sending domain.
  • Multiple Domains: When using multiple domains, each domain requires its own individual setup to ensure correct authentication.
Marketer view

Email marketer from Mailchimp Support shares that to properly authenticate email from Mailchimp, you should authenticate your sending domain using both SPF and DKIM. If you send from multiple domains within Mailchimp, each domain needs its own separate authentication setup. This ensures Mailchimp can send email on behalf of each of your domains.

May 2024 - Mailchimp
Marketer view

Email marketer from SendGrid Support explains that proper DKIM alignment involves configuring your DNS records to include a DKIM signature that matches your sending domain. When sending from multiple ESPs like SendGrid and others, each requires its own DKIM setup and you need to ensure that the 'd=' domain in the DKIM signature aligns with your 'From:' domain for each ESP.

March 2023 - SendGrid
Marketer view

Email marketer from Postmark Support shares that for optimal deliverability when using multiple ESPs, you need to ensure that both SPF and DKIM are correctly set up and aligned for each ESP. This involves creating separate SPF and DKIM records for each ESP and verifying that the sending domain aligns with the domain in the 'From:' address and the DKIM signature.

February 2025 - Postmark
Marketer view

Email marketer from ExpertSender explains that DMARC alignment with DKIM involves verifying that the domain used to sign the email with DKIM matches the domain used in the From header. You need to ensure that each ESP you use correctly signs emails with DKIM using a domain aligned with your organizational domain. Each ESP must have its own DKIM configuration.

March 2021 - ExpertSender
Marketer view

Email marketer from Stack Overflow explains that if you're using multiple ESPs, you will need to set up SPF and DKIM for each of them. This usually involves adding include statements to your SPF record for each ESP and setting up DKIM signatures for each ESP's sending domain.

November 2023 - Stack Overflow
Marketer view

Email marketer from Reddit explains that If you send emails from multiple domains, each domain must have its own SPF and DKIM records. This ensures that emails sent from each domain are properly authenticated, preventing them from being flagged as spam.

October 2022 - Reddit

What the experts say
5Expert opinions

The responses regarding SPF and DKIM alignment for multiple ESPs present a nuanced view. While one source indicates that Google's guidelines only require one of SPF or DKIM to be aligned, others strongly recommend DKIM alignment, especially when using multiple ESPs. It's highlighted that each ESP should be configured with DKIM using its own unique key, with the 'd=' domain in the DKIM signature aligning with the sending domain. Setting up SPF and DKIM separately for each ESP is also emphasized as essential for proper email authentication.

Key opinions

  • DKIM Priority: DKIM alignment is generally prioritized over SPF alignment, especially to avoid potential issues.
  • Unique Keys: Each ESP should be configured with DKIM using its own unique DKIM key.
  • Alignment Verification: Verify that the 'd=' domain in the DKIM signature aligns with the sending domain for each ESP.
  • ESP Separation: Authentication standards like SPF, DKIM and DMARC are setup seperately for each ESP, especially DKIM.
  • Google Requirements: Google says that both SPF and DKIM must be present, but only one must align.

Key considerations

  • Email Deliverability: Proper DKIM configuration is crucial for ensuring email deliverability and avoiding spam filters.
  • Configuration Complexity: Setting up SPF and DKIM for multiple ESPs can be complex and requires careful DNS record management.
  • Authentication Standards: Importance of setting up authentication standards like SPF, DKIM and DMARC.
  • DNS Management: Managing DNS records for multiple ESPs requires careful attention to avoid errors.
Expert view

Expert from Word to the Wise discusses the importance of setting up authentication standards like SPF, DKIM and DMARC. It explains that each ESP needs to be setup seperately, especially DKIM.

June 2024 - Word to the Wise
Expert view

Expert from Email Geeks explains that having just SPF aligned is asking for trouble and it's better to have DKIM aligned. If you can have both aligned that’s perfect, but he cares a lot less about SPF once DKIM is aligned.

November 2023 - Email Geeks
Expert view

Email marketer from Email Geeks answers that there is no requirement, regardless of volume, that SPF and DKIM be aligned. Google’s guidelines say that both must be present, but only one must align. He says it’s best practice to have both align, specifically to guard against DNS hiccups and such that might cause one to fail to validate, but it’s not currently required that both do.

March 2024 - Email Geeks
Expert view

Expert from Email Geeks confirms each ESP needs to have aligned DKIM.

October 2024 - Email Geeks
Expert view

Expert from Spamresource.com explains that when using multiple ESPs, you need to ensure that each ESP is properly configured with DKIM using its own unique DKIM key. This involves setting up DNS records for each ESP's DKIM signature and verifying that the 'd=' domain in the DKIM signature aligns with your sending domain for each ESP.

December 2022 - Spamresource.com

What the documentation says
4Technical articles

According to documentation from Google, Microsoft, DMARC.org, and AuthSMTP, proper SPF and DKIM configuration is essential for email authentication, especially when using multiple ESPs. SPF alignment is crucial for DMARC compliance, requiring the 'MAIL FROM' domain to match the authorizing domain. DKIM verifies email authenticity, necessitating a unique DKIM configuration for each domain when using multiple sending domains or ESPs. DMARC relies on DKIM alignment, ensuring the signing domain matches the 'From:' header. Each ESP should have separate SPF and DKIM configurations due to unique sending IPs and DKIM signing keys.

Key findings

  • SPF Alignment for DMARC: SPF alignment is necessary for DMARC to pass SPF checks.
  • DKIM for Authentication: DKIM is critical for verifying the authenticity of emails.
  • Multiple ESPs: When using multiple ESPs, each domain requires its own DKIM configuration.
  • DMARC and DKIM Alignment: DMARC requires DKIM alignment, ensuring the signing domain matches the 'From:' header.
  • Separate Configurations: Each ESP needs separate SPF and DKIM configurations.

Key considerations

  • DMARC Compliance: Proper SPF and DKIM alignment are essential for DMARC compliance.
  • Email Authenticity: Correct DKIM configuration ensures emails are authenticated, preventing them from being marked as spam.
  • Configuration Complexity: Setting up SPF and DKIM for multiple ESPs requires careful attention to detail.
  • Domain Reputation: Failing to properly configure SPF and DKIM can negatively impact domain reputation and deliverability.
  • Sending IPs and DKIM Keys: Each ESP has unique sending IPs and DKIM signing keys that need to be properly configured.
Technical article

Documentation from DMARC.org explains that DKIM alignment checks if the domain used to sign the email (d= tag in the DKIM signature) matches the domain in the 'From:' header. For DMARC to pass DKIM, there must be a match or a subdomain relationship. When using multiple ESPs, ensure each uses DKIM signing with a domain aligned with your organizational domain.

June 2024 - DMARC.org
Technical article

Documentation from Google explains that SPF alignment (also known as SPF Hardfail) is important for DMARC. It is achieved when the domain used in the 'MAIL FROM' or 'Return-Path' address matches the domain that authorized the sending server in the SPF record. This is necessary for DMARC to pass SPF checks.

December 2024 - Google
Technical article

Documentation from Microsoft explains that DKIM is critical for verifying the authenticity of emails sent from your domain. When using multiple sending domains or ESPs, each domain needs its own DKIM configuration. If DKIM is not properly configured for all sending sources, emails may fail authentication and be marked as spam.

October 2022 - Microsoft
Technical article

Documentation from AuthSMTP explains that if you're using multiple email sending services or ESPs, you must configure SPF and DKIM for each of them. Each service will have its own sending IPs and DKIM signing keys, so each must be properly configured to authenticate emails sent through them.

November 2023 - AuthSMTP