Do SPF and DKIM records need to be aligned for all email service providers?
Summary
What email marketers say6Marketer opinions
Email marketer from Mailchimp Support shares that to properly authenticate email from Mailchimp, you should authenticate your sending domain using both SPF and DKIM. If you send from multiple domains within Mailchimp, each domain needs its own separate authentication setup. This ensures Mailchimp can send email on behalf of each of your domains.
Email marketer from SendGrid Support explains that proper DKIM alignment involves configuring your DNS records to include a DKIM signature that matches your sending domain. When sending from multiple ESPs like SendGrid and others, each requires its own DKIM setup and you need to ensure that the 'd=' domain in the DKIM signature aligns with your 'From:' domain for each ESP.
Email marketer from Postmark Support shares that for optimal deliverability when using multiple ESPs, you need to ensure that both SPF and DKIM are correctly set up and aligned for each ESP. This involves creating separate SPF and DKIM records for each ESP and verifying that the sending domain aligns with the domain in the 'From:' address and the DKIM signature.
Email marketer from ExpertSender explains that DMARC alignment with DKIM involves verifying that the domain used to sign the email with DKIM matches the domain used in the From header. You need to ensure that each ESP you use correctly signs emails with DKIM using a domain aligned with your organizational domain. Each ESP must have its own DKIM configuration.
Email marketer from Stack Overflow explains that if you're using multiple ESPs, you will need to set up SPF and DKIM for each of them. This usually involves adding include statements to your SPF record for each ESP and setting up DKIM signatures for each ESP's sending domain.
Email marketer from Reddit explains that If you send emails from multiple domains, each domain must have its own SPF and DKIM records. This ensures that emails sent from each domain are properly authenticated, preventing them from being flagged as spam.
What the experts say5Expert opinions
Expert from Word to the Wise discusses the importance of setting up authentication standards like SPF, DKIM and DMARC. It explains that each ESP needs to be setup seperately, especially DKIM.
Expert from Email Geeks explains that having just SPF aligned is asking for trouble and it's better to have DKIM aligned. If you can have both aligned that’s perfect, but he cares a lot less about SPF once DKIM is aligned.
Email marketer from Email Geeks answers that there is no requirement, regardless of volume, that SPF and DKIM be aligned. Google’s guidelines say that both must be present, but only one must align. He says it’s best practice to have both align, specifically to guard against DNS hiccups and such that might cause one to fail to validate, but it’s not currently required that both do.
Expert from Email Geeks confirms each ESP needs to have aligned DKIM.
Expert from Spamresource.com explains that when using multiple ESPs, you need to ensure that each ESP is properly configured with DKIM using its own unique DKIM key. This involves setting up DNS records for each ESP's DKIM signature and verifying that the 'd=' domain in the DKIM signature aligns with your sending domain for each ESP.
What the documentation says4Technical articles
Documentation from DMARC.org explains that DKIM alignment checks if the domain used to sign the email (d= tag in the DKIM signature) matches the domain in the 'From:' header. For DMARC to pass DKIM, there must be a match or a subdomain relationship. When using multiple ESPs, ensure each uses DKIM signing with a domain aligned with your organizational domain.
Documentation from Google explains that SPF alignment (also known as SPF Hardfail) is important for DMARC. It is achieved when the domain used in the 'MAIL FROM' or 'Return-Path' address matches the domain that authorized the sending server in the SPF record. This is necessary for DMARC to pass SPF checks.
Documentation from Microsoft explains that DKIM is critical for verifying the authenticity of emails sent from your domain. When using multiple sending domains or ESPs, each domain needs its own DKIM configuration. If DKIM is not properly configured for all sending sources, emails may fail authentication and be marked as spam.
Documentation from AuthSMTP explains that if you're using multiple email sending services or ESPs, you must configure SPF and DKIM for each of them. Each service will have its own sending IPs and DKIM signing keys, so each must be properly configured to authenticate emails sent through them.