Should SPF records match the 'From:' address or the Return-Path domain when sending from Marketo?
Summary
What email marketers say8Marketer opinions
Email marketer from Mailjet answers that SPF should align with the domain used in the Return-Path, as this is the address used for bounces and delivery-related communications. The 'From:' address is a separate consideration for sender reputation and branding.
Email marketer from Email on Acid notes that SPF is used to authenticate the envelope sender (Return-Path), so the SPF record must include the sending sources authorized to send mail for that domain. DKIM can then be used to verify the 'From' domain. DMARC ties it all together.
Email marketer from SendGrid explains that SPF is designed to prevent sender address forgery. It authenticates the server sending email on behalf of your domain, which is related to the Return-Path, not directly the 'From:' address.
Email marketer from Email Geeks shares that the Return Path email addresses for Marketo pass a lot of data back such as Munchkin ID, smart campaign, run step, record ID, etc.
Email marketer from Litmus responds that SPF authenticates the Return-Path domain. DMARC builds upon SPF and DKIM to verify the 'From:' domain and specify how to handle emails that fail authentication.
Email marketer from Stack Overflow answers that SPF needs to authenticate the domain in the 'MAIL FROM' (Return-Path). The 'From:' domain is important for other checks such as DMARC. DKIM is needed for alignment between 'From:' and authenticated domains.
Email marketer from GlockApps shares that it's crucial for SPF to align with the Return-Path domain, as this is what receiving mail servers check for authentication. Using a different domain in the 'From:' address than in the Return-Path can cause deliverability issues if not handled correctly with DKIM and DMARC.
Email marketer from Reddit suggests that SPF records should be set up to authorize the mail server used by Marketo to send emails on behalf of the domain in the Return-Path, even if the 'From:' address uses a different domain. DMARC can then align the 'From:' domain using DKIM.
What the experts say3Expert opinions
Expert from Word to the Wise explains that SPF is related to the Return-Path (the envelope sender). The domain in the 'From:' header is handled by DKIM and DMARC.
Expert from Email Geeks explains that the SPF record should be for the domain used in the Return Path, not necessarily the user-visible From: address. Also you generally don't need to publish a SPF record for the domain in your user visible From.
Expert from Email Geeks explains that the Return Path is the address used during the SMTP transaction and is authenticated by SPF. It's not the reply-to address.
What the documentation says3Technical articles
Documentation from DMARC.org shares that SPF authenticates the domain used in the Return-Path (also called MAIL FROM or envelope sender). This is distinct from the 'From:' header address, which is covered by DMARC in conjunction with DKIM.
Documentation from RFC Editor defines SPF as authenticating the MAIL FROM identity, emphasizing that it is the Return-Path domain that undergoes SPF checks during email delivery.
Documentation from Microsoft Learn explains that SPF records should authenticate the MAIL FROM address (also known as the envelope sender or Return-Path), which is used during the SMTP transaction, not the 'From:' address displayed to the user.