Suped

What are the considerations for using different domains for From, DKIM, and SPF?

11 Marketer opinions4 Expert opinions5 Technical articles1 Resource

Summary

When utilizing different domains for the 'From' address, DKIM, and SPF, careful consideration must be given to several factors impacting email deliverability and sender reputation. Primarily, proper authentication (SPF, DKIM, DMARC) for each domain/subdomain is paramount. Key aspects include DKIM alignment with the 'From' domain, understanding that DMARC policies mainly apply to the 'From' domain, and leveraging subdomains to segment reputation, particularly vital in shared IP environments. Building a strong sender reputation for each domain, accurate DNS configuration, and consistent brand messaging are crucial. Ensure minimal SPF lookups to avoid exceeding DNS limits, and validate configurations. Also, consider the use of email security and proper DMARC setup. Employing different domains can isolate reputation, but requires diligent maintenance of SPF records and DNS settings.

Key findings

  • Authentication is Paramount: Proper SPF, DKIM, and DMARC setup is essential for each sending domain and subdomain.
  • DMARC Focus: DMARC primarily governs the 'From' domain, influencing policy enforcement.
  • Subdomain Segmentation: Using subdomains effectively segments sender reputation, mitigating risk in shared IP environments.
  • Isolate Reputation: Different domains can isolate reputation, but requires dilligent maintenance.
  • Alignment matters: DKIM needs to be relaxed aligned with the from address.
  • Validate Configuration: It is very important to validate all configurations.

Key considerations

  • Domain Alignment: Ensure proper DKIM alignment with the 'From' domain for successful DMARC validation.
  • Reputation Building: Actively build and maintain a positive sender reputation for each domain or subdomain.
  • DNS Accuracy: Routinely verify and update SPF, DKIM, and DMARC records for all sending domains.
  • Shared IP Impact: Strategically separate sending streams via subdomains when operating on shared IPs.
  • SPF Optimization: Minimize SPF lookups.
  • Email security: Setup email security protocols.
  • DMARC Setup: Ensure DMARC configuration.

What email marketers say
11Marketer opinions

When using different domains for the From address, DKIM, and SPF, several factors influence email deliverability and sender reputation. It's crucial to ensure proper authentication (SPF, DKIM, DMARC) for each domain or subdomain used. DKIM alignment, DMARC policies (specifically related to the From domain), and the potential for segmented reputation (especially with subdomains) are important considerations. In shared IP environments, separating sending streams through subdomains becomes even more critical. Building and maintaining sender reputation for each domain, including proper DNS configuration, is vital. Brand consistency should also be considered as drastically different domains can impact user trust. Email security needs to be correctly setup and DMARC policies maintained.

Key opinions

  • Authentication is Key: Proper SPF, DKIM, and DMARC configuration is essential for each sending domain.
  • DMARC Focus: DMARC policies apply primarily to the From domain.
  • Reputation Segmentation: Using different subdomains helps isolate sender reputation, protecting critical email streams.
  • Brand Perception: Consistency in the From domain can improve brand trust and recognition.
  • Email security: Email security needs to be setup correctly in order to avoid deliverability issues.

Key considerations

  • Domain Alignment: Ensure DKIM alignment with the From domain for DMARC compliance.
  • Shared IP Impact: Separate sending streams using subdomains when on a shared IP to mitigate reputation risks.
  • Reputation Building: Establish and maintain a positive sender reputation for each domain or subdomain.
  • DNS Configuration: Correctly configure SPF, DKIM, and DMARC records for all sending domains.
  • Email security: Check email security setup to ensure the email is not seen as spam
  • DMARC setup: Ensure your DMARC setup for your domain and subdomains are correct.
Marketer view

Email marketer from SparkPost explains that it's important to authenticate each sending domain (or subdomain) properly with SPF, DKIM, and DMARC. Using different subdomains allows for better tracking and management of reputation for different types of email traffic.

June 2021 - SparkPost
Marketer view

Email marketer from an Email Marketing Forum describes that if you are seeing deliverability issues when using different domains for sending, ensure all DNS records (SPF, DKIM, DMARC) are correctly configured for *each* sending domain. Incorrect DNS configuration is a common cause of deliverability problems.

October 2021 - Email Marketing Forum
Marketer view

Email marketer from Email Marketing Blog shares that using a consistent 'From' domain can improve brand recognition and trust. If you use radically different domains for different email types, customers may become suspicious and less likely to engage.

April 2022 - Email Marketing Blog
Marketer view

Email marketer from Reddit discusses the impact of sender reputation. They describe that if you are sending from a different domain or subdomain, it's essential to build a good sender reputation for that new domain. They recommend warming up the IP and domain by gradually increasing the volume of emails sent.

July 2023 - Reddit
Marketer view

Email Marketer from ExpertSender explains that by using different domains for From, DKIM and SPF you will need to ensure your email security is setup correctly. If not, then this can lead to a much higher chance of spam.

October 2022 - ExpertSender
Marketer view

Marketer from Email Geeks explains that the DKIM signing domain is in relaxed alignment with the From domain, and that's what matters.

January 2024 - Email Geeks
Marketer view

Marketer from Email Geeks explains that DMARC will only be involved if the From domain has a DMARC policy other than p=none.

September 2021 - Email Geeks
Marketer view

Email Marketer from Mailgun shares that using different subdomains for transactional and marketing emails helps segment reputation. For example, use 'transactional.example.com' for transactional emails and 'marketing.example.com' for marketing emails. This isolates any reputation damage from marketing campaigns, preventing it from impacting critical transactional emails.

June 2021 - Mailgun
Marketer view

Email Marketer from MailerQ shares that in order to use different domains you'll need to ensure that your DMARC setup for your domain and subdomains are correct. By ensuring that DMARC is setup correctly you should be able to use different From addresses without issue.

September 2022 - MailerQ
Marketer view

Email Marketer from SendGrid shares that when using a shared IP, it's even more important to separate sending streams using subdomains. If one user on the shared IP sends spam, it can impact the deliverability of all users on that IP. Using a dedicated IP and properly authenticated domain mitigates this risk.

March 2023 - SendGrid
Marketer view

Marketer from Email Geeks explains that DMARC only works on the From domain.

May 2022 - Email Geeks

What the experts say
4Expert opinions

When using different domains for From, DKIM, and SPF records, a key consideration is isolating domain reputation. By using different sending domains, a poor reputation on one won't necessarily impact others. It's crucial to ensure that all SPF records are current and correctly list authorized sending sources, as outdated records can cause deliverability issues. DKIM selectors can differentiate DKIM configurations without needing subdomains, and it is important to validate the configurations by reading reports to confirm they are working as expected.

Key opinions

  • Isolate Reputation: Different domains isolate reputation; problems on one don't automatically affect others.
  • Accurate SPF Records: Maintaining current and accurate SPF records listing all authorized sending sources is critical.
  • DKIM Selectors: DKIM selectors can differentiate DKIM without needing subdomains.

Key considerations

  • Validate Configuration: Regularly validate email authentication setup by reviewing reports to ensure proper functioning.
  • Maintain SPF: Keep SPF records updated to reflect all authorized sending sources to avoid deliverability issues.
  • Reputation Management: Monitor and manage the reputation of each domain used for sending email.
Expert view

Expert from Word to the Wise explains the necessity of maintaining current and correct SPF records. She describes that ensuring your SPF record accurately lists all authorized sending sources is critical, especially when dealing with multiple domains. Outdated or incomplete SPF records can lead to legitimate email being flagged as spam.

June 2024 - Word to the Wise
Expert view

Expert from Spam Resource explains that using different domains for sending email can isolate reputation. If one domain has a poor reputation due to spam complaints or blacklisting, it won't necessarily affect the reputation of other domains you use. It's essentially creating separate identities for different sending purposes.

October 2023 - Spam Resource
Expert view

Expert from Email Geeks shares that the selector can differentiate the DKIM, and you don't need a subdomain for that.

September 2021 - Email Geeks
Expert view

Expert from Email Geeks suggests reading the reports and validating the configuration is working as expected.

November 2024 - Email Geeks

What the documentation says
5Technical articles

When employing different domains for the 'From' address, DKIM, and SPF, it's essential to consider alignment requirements for successful email authentication and deliverability. For SPF, the 'MAIL FROM' domain must align with the authorized sending domain. To pass DMARC, either SPF or DKIM must align with the 'From' domain, either strictly or in a relaxed manner using subdomains. Excessive SPF lookups from numerous domains can exceed DNS lookup limits, leading to SPF failures and email rejection. SPF 'hard fails' greatly increase the likelihood of email rejection. Correctly configuring SPF records is critical to handle mail from diverse domains.

Key findings

  • SPF Alignment: 'MAIL FROM' domain must align with the authorized sending domain for SPF success.
  • DMARC Alignment Requirement: Either SPF or DKIM must align with the 'From' domain for DMARC to pass.
  • SPF Lookup Limits: Excessive SPF record lookups can cause authentication failures.
  • SPF Hard Fail Impact: SPF 'hard fails' significantly increase the chance of email rejection.

Key considerations

  • Domain Authorization: Authorize all sending domains in SPF records.
  • Alignment Strategy: Ensure alignment between the 'MAIL FROM' domain, DKIM 'd=' domain, and the 'From' domain for SPF and DKIM.
  • SPF Record Optimization: Minimize the number of SPF lookups to avoid exceeding limits.
  • SPF Fail Handling: Use '~all' instead of '-all' in SPF records to soften the impact of SPF failures.
Technical article

Documentation from Google explains that domain alignment checks if the domain in the email's 'From' address matches the domain that authenticated the email. For SPF, the 'Return-Path' domain must match the 'From' domain. For DKIM, the 'd=' domain in the DKIM signature must match the 'From' domain.

September 2021 - Google
Technical article

Documentation from AuthSMTP explains that if the SPF record results in a 'hard fail' ('-all'), the email is very likely to be rejected by the recipient's mail server. Ensure your SPF records are configured to handle mail sent from different domains appropriately, likely using '~all' instead.

October 2024 - AuthSMTP
Technical article

Documentation from RFC states that excessive SPF record lookups can cause issues. If you're using many different domains with SPF, this can lead to exceeding the DNS lookup limits, causing SPF to fail and emails to be rejected.

July 2023 - RFC
Technical article

Documentation from Microsoft explains that for SPF, it's crucial that the domain used in the 'MAIL FROM' address (also known as the envelope sender address) matches the domain authorized to send emails on behalf of that domain. If the SPF check fails, it can lead to deliverability issues.

February 2024 - Microsoft
Technical article

Documentation from DMARC.org explains that for DMARC to pass, either SPF or DKIM must align. SPF alignment requires the 'MAIL FROM' domain to match the 'From' header domain (strict alignment) or a subdomain of it (relaxed alignment). DKIM alignment requires the 'd' tag domain to match the 'From' header domain (strict) or a subdomain (relaxed).

August 2022 - DMARC.org

Related resources
1Resource

Issues setting up SPF, DKIM and DMARC - using only Google ...
Issues setting up SPF, DKIM and DMARC - using only Google ...

Hi everyone, just trying to set up SPF and DKIM (and DMARC?) for our small company switching to the new domain: future-matters.org. I have all three in my Cloudflare DNS records, but some issues. We’re only going to be sending emails via our Google Workspace associated with the email, with Gmail activated - and soon, MailerLite for our newsletter. Somehow, whatever I do, Gmail doesn’t confirm the DKIM authentication. At Apps > Google Workspace > Settings for Gmail > Authenticate email, it just ...

Cloudflare Community

Related questions