Should I add SPF records to both sender domain and envelope domain?
Summary
What email marketers say12Marketer opinions
Email marketer from DNS records emphasizes the need to verify all domains and subdomains, especially subdomains, to ensure accurate SPF implementation. Neglecting this can cause issues with email authentication and deliverability.
Email marketer from Email Geeks says for the 'best of both worlds', ensure the domains in both (5322 and envelope) match exactly to have SPF covered in both.
Email marketer from Email Geeks advises against cluttering the 5322 domain with needless DNS entries for SPF, as that's not where SPF is checked.
Email marketer from Word to the Wise clarifies that you should be most concerned with SPF alignment, which means matching the domain in the 'header from' address with the domain authorized by SPF. This alignment is crucial for passing DMARC.
Email marketer from URIports explains the importance of SPF records for subdomains. They advise implementing SPF records for all subdomains that send email to ensure proper authentication and improve email deliverability.
Email marketer from EasyDMARC advises that having separate SPF records for different subdomains used for sending emails is a good practice. This helps in managing and isolating sending reputations. However, they also mention that you should not have multiple SPF records for the same domain.
Email marketer from AuthSMTP states that it's a best practice to have SPF records for any domain that sends email. This includes the main domain and any subdomains, especially those used by third-party email services.
Email marketer from Google Groups indicates that if you're sending emails from multiple domains or subdomains, each should have its own SPF record. They also advise being careful with the number of DNS lookups allowed by SPF, as exceeding the limit can cause SPF to fail.
Email marketer from StackOverflow responds, stating that adding the sending domain's SPF record is the correct method to cover all mail servers. In contrast, adding an SPF record to the envelope domain (Return-Path/ MAIL FROM) is unnecessary because it doesn't affect message delivery, and only the mail server administrator can do it.
Email marketer from Mailjet shares that SPF helps your recipients’ mail servers check to see if a message purporting to come from your domain really did come from you and not someone spoofing your address. By defining which mail servers are authorized to send from your domain, you reduce the chances of being a spam victim, helping ensure your emails make it to the inbox.
Email marketer from Reddit explains that the SPF record should primarily cover the domain used in the 'Mail From' address, and that DMARC uses this record in conjunction with DKIM to determine if the email is legitimate. Make sure your 'Mail From' domain is aligned with your 'Header From' domain for DMARC compliance.
Email marketer from Mailhardener emphasises the importance of a properly configured SPF record to prevent spammers from forging your domain when sending emails. It contributes to your domain’s reputation and can significantly improve email deliverability.
What the experts say4Expert opinions
Expert from Spam Resource explains that SPF is used to ensure that emails aren't spoofed and that email delivery is verified. If you are setting up a domain SPF is required in order for good delivery.
Expert from Email Geeks clarifies that while older guidance might suggest adding SPF at the visible from level (due to Microsoft's historical practices), it's not necessary now. Some ESP tools may still issue warnings about the lack of SPF in the from domain, but these are often useless.
Expert from Word to the Wise clarifies that you should be most concerned with SPF alignment, which means matching the domain in the 'header from' address with the domain authorized by SPF. This alignment is crucial for passing DMARC.
Expert from Email Geeks explains that Gmail won’t show an SPF result for the domain in the 5322.from, so an extra SPF record won’t help change that. To see the SPF results in GPT, you need to add the envelope domain to GPT.
What the documentation says4Technical articles
Documentation from Microsoft advises ensuring that the SPF record covers all domains used for sending email, including subdomains used by marketing services. It notes that neglecting this can lead to deliverability issues, especially if you're using Microsoft 365.
Documentation from RFC Editor details that SPF (Sender Policy Framework) authenticates the MAIL FROM identity (also known as the envelope sender or Return-Path). It explains SPF's mechanism to permit sending hosts of a domain and is used during the SMTP transaction.
Documentation from dmarcian explains SPF's role in verifying the sending mail server’s authority to send emails on behalf of your domain, using the domain found in the 'MAIL FROM' or 'envelope from' address. This helps receiving servers identify legitimate emails and filter out fraudulent ones.
Documentation from Cloudflare shares that the SPF (Sender Policy Framework) is a type of DNS record that identifies the mail servers authorized to send email on behalf of your domain. It helps prevent spammers from sending messages with forged 'from' addresses at your domain.