Suped

Why are there two domains in the 'Mail From' field of an email header, and how does it affect deliverability?

6 Marketer opinions5 Expert opinions3 Technical articles1 Resource

Summary

The presence of multiple domains associated with the 'Mail From' field stems from SMTP standards and email authentication protocols. The 'smtp.mailfrom' domain, verified by SPF, specifies the envelope sender. The Authentication-Results header displays various domains involved in authentication, including domains for DKIM and HELO/EHLO. The HELO/EHLO domain, though not in 'Mail From', affects deliverability through SPF checks. Additional domains can be the receiving domain or the authserv-id (often meaningless). Domain reputation, proper bounce handling, and alignment between HELO/EHLO and 'Mail From' are critical for deliverability. Older methods like Sender ID are less impactful than SPF, DKIM and DMARC.

Key findings

  • SMTP and MAIL FROM: RFC standards define 'MAIL FROM' for specifying the reverse path, crucial for SPF.
  • SPF Validation: 'smtp.mailfrom' undergoes SPF verification, acting as the envelope sender's identifier.
  • Auth Results Diversity: The Authentication-Results header shows domains for SPF, DKIM, HELO, and potentially receiving servers.
  • HELO Significance: The HELO domain plays a vital role in authentication and can impact deliverability.
  • Reputation Effects: The reputation of all involved domains can impact email deliverability significantly.
  • Sender ID Obsolete: Older methods, like Sender ID, are less significant in authentication processes.

Key considerations

  • Enforce SPF Alignment: Ensure the HELO domain aligns with the 'MAIL FROM' domain, and both have correct SPF records.
  • Check Headers: Examine headers like 'Received' and 'Authentication-Results' to understand the domain paths and authentication outcomes.
  • Monitor Reputations: Monitor the reputation of all sending domains to ensure deliverability rates remain high.
  • Ensure Bounce Handling: Properly configure bounce handling for the 'MAIL FROM' domain.
  • DMARC: Implement DMARC, as multiple domains can be used for phishing.

What email marketers say
6Marketer opinions

Multiple domains in the 'Mail From' field and related authentication headers are primarily due to various email authentication mechanisms like SPF, DKIM, and DMARC. The 'smtp.mailfrom' domain is verified by SPF, while others can be related to DKIM signatures or HELO/EHLO. Domain reputation, alignment of domains (HELO/EHLO vs. MAIL FROM), and proper bounce handling all significantly affect deliverability. Failure of authentication for any domain involved can negatively impact whether the email reaches the inbox.

Key opinions

  • Multiple Domains in Auth: The presence of multiple domains in authentication headers is a result of various email authentication processes.
  • SPF Verification: The 'smtp.mailfrom' domain is verified by SPF and acts as the envelope sender.
  • Domain Reputation: Domain reputation of any domain involved can significantly affect deliverability.
  • Alignment Matters: Alignment between HELO/EHLO and MAIL FROM domains is crucial for avoiding deliverability issues.
  • Bounce Handling: Proper configuration of the 'MAIL FROM' domain for bounce handling is critical for deliverability.

Key considerations

  • Monitor Domain Reputation: Regularly monitor the reputation of all domains used in your email sending infrastructure.
  • Ensure SPF/DKIM Alignment: Ensure proper alignment between SPF and DKIM records to improve authentication.
  • Proper Bounce Configuration: Configure the 'MAIL FROM' domain to correctly handle bounces to avoid being flagged as a spammer.
  • HELO/EHLO Configuration: Ensure the HELO/EHLO domain aligns with the MAIL FROM domain to avoid raising red flags.
  • Authentication Results: Pay attention to the 'Authentication-Results' header to diagnose authentication issues and improve deliverability.
Marketer view

Email marketer from EmailOnAcid describes that the Authentication-Results header provides a summary of the authentication checks performed on the email. It explains different mechanisms like SPF, DKIM and DMARC that were applied. The header can display several domains that participated in the process of email verification. If the SPF and DKIM alignment don't line up then it can cause problems.

November 2024 - EmailOnAcid
Marketer view

Email marketer from GlockApps shares that domain reputation significantly impacts deliverability. If one of the domains involved (e.g., the sending domain or a domain used in redirects) has a poor reputation, it can negatively affect whether the email reaches the inbox. Monitoring domain reputation is crucial for maintaining good deliverability.

February 2022 - GlockApps
Marketer view

Email marketer from StackExchange discusses that the 'MAIL FROM' domain is crucial for bounce handling. If this domain isn't properly configured to receive bounces (e.g., with a valid return-path), it can lead to deliverability issues as ISPs may see the sender as not handling bounces correctly.

January 2025 - StackExchange
Marketer view

Email marketer from Reddit explains that multiple domains can appear due to SPF, DKIM, and DMARC authentication processes. Each domain serves a different purpose in verifying the sender's identity, but if one domain fails authentication, it can impact deliverability.

January 2022 - Reddit
Marketer view

Email marketer from Mailhardener explains that the presence of multiple domains in the 'Authentication-Results' header reflects the different domains involved in the email's authentication process. The smtp.mailfrom domain is the envelope sender verified by SPF. Additional domains could be related to DKIM signatures. These domains collectively contribute to the receiving server's assessment of email legitimacy.

January 2023 - Mailhardener
Marketer view

Email marketer from EasyDMARC notes that if the HELO domain does not match the 'MAIL FROM' domain and SPF fails, it can hurt deliverability. A mismatch raises red flags for receiving servers, suggesting potential spoofing or other malicious activity. Alignment between these domains is ideal.

January 2024 - EasyDMARC

What the experts say
5Expert opinions

The presence of multiple domains related to the 'Mail From' field in email headers is explained by several factors including SPF verification, HELO/EHLO checks, and the inclusion of the authserv-id. The 'smtp.mailfrom' domain is the envelope sender verified by SPF, and the HELO/EHLO domain, while not directly in the 'Mail From' field, can also impact deliverability if it doesn't align with the SPF record. The second domain may also be the authserv-id, used in authentication results, or the receiving domain. ISPs consider all domains involved in the transaction when assessing email reputation and deliverability. Sender ID is an older method for determining the sender's identity, however is now not as important.

Key opinions

  • SPF Verification: The 'smtp.mailfrom' is the envelope sender and is verified by SPF.
  • HELO/EHLO Impact: The HELO/EHLO domain is checked during SPF authentication and can affect deliverability.
  • Authserv-id: The second domain may be the authserv-id, which is used in authentication results.
  • ISP Reputation Assessment: ISPs consider all domains involved in the email transaction when assessing reputation.
  • Sender ID Relevance: Sender ID is an older, less significant authentication method.

Key considerations

  • SPF Alignment: Ensure the HELO/EHLO domain aligns with the sending domain's SPF record to improve deliverability.
  • Monitor Domain Reputation: Pay attention to the reputation of all domains involved in your email sending practices.
  • Check 'Received' Header: Examine the 'Received' header to identify the HELO and other domains involved in the email's path.
  • Understand Authentication Results: Familiarize yourself with the Authentication-Results header to understand how different domains are being evaluated.
Expert view

Expert from Email Geeks explains that the second domain in the authentication results might be the receiving domain, and it's unlikely to be included in the reputation calculation.

March 2024 - Email Geeks
Expert view

Expert from Email Geeks explains that smtp.mailfrom is the envelope from, which is verified by SPF. He also suggests the second domain might be the HELO, which SPF also checks against. Mentions that ISPs consider other domains in the transaction when assessing reputation, and you can check the 'received' header to see the HELO.

December 2024 - Email Geeks
Expert view

Expert from Spam Resource discusses how Sender ID, an older email authentication method, uses the Purported Responsible Address (PRA) to determine the sender's identity. It explains that this is often based on the domain in the 'From:' header, however, its impact on deliverability is not as significant as SPF, DKIM or DMARC.

December 2021 - Spam Resource
Expert view

Expert from Word to the Wise explains that the HELO/EHLO domain is checked during SPF authentication. While not directly in the 'Mail From' field, the domain presented in HELO plays a role in authentication and can impact deliverability if it doesn't align with the sending domain's SPF record.

August 2024 - Word to the Wise
Expert view

Expert from Email Geeks confirms that the second domain is the authserv-id, which is meaningless and not going to be the spammy domain in a real hotmail header, it will be hotmail.com

October 2021 - Email Geeks

What the documentation says
3Technical articles

The presence of multiple domains in relation to the 'Mail From' field is explained by the intricacies of SMTP and email authentication. RFC documents establish the 'MAIL FROM' command specifies the reverse-path, vital for SPF authentication. Microsoft's documentation clarifies the 'Authentication-Results' header can display different domains involved in the email path, including 'smtp.mailfrom' (verified by SPF), DKIM signature domains, and the receiving domain. Multiple domains reflect the different authentication stages and services involved in validating an email sender.

Key findings

  • SMTP MAIL FROM: The 'MAIL FROM' command specifies the reverse-path or envelope sender.
  • SPF Authentication: SPF uses the domain in the 'MAIL FROM' for authentication.
  • Authentication-Results Header: The 'Authentication-Results' header can show multiple domains involved in authentication checks.
  • Multiple Domains Reflect Stages: Multiple domains reflect different stages and services in email validation.

Key considerations

  • Understand MAIL FROM: Understand the role of the 'MAIL FROM' command in specifying the reverse-path.
  • Implement SPF: Implement SPF to authenticate the 'MAIL FROM' domain.
  • Interpret Authentication Results: Learn to interpret the 'Authentication-Results' header to identify the different domains and authentication checks performed.
  • Authentication Processes: Be aware that multiple authentication processes occur during email validation.
Technical article

Documentation from RFC Editor explains that SPF uses the domain in the 'MAIL FROM' (envelope sender) for authentication. The receiving server checks if the sending server is authorized to send email for that domain. It doesn't directly address two domains but establishes the importance of the 'MAIL FROM' domain for authentication.

October 2023 - RFC Editor
Technical article

Documentation from RFC Editor explains that the 'MAIL FROM' command in SMTP specifies the reverse-path, which can be a null path (<>) or an email address. While it doesn't directly address two domains, it establishes the syntax for the envelope sender.

March 2023 - RFC Editor
Technical article

Documentation from Microsoft Learn explains that the Authentication-Results header can contain multiple authentication checks, potentially showing different domains involved in the email's path. One domain is the 'smtp.mailfrom' which corresponds to the MAIL FROM and is verified by SPF, while another domain may relate to DKIM signature verification, and a final one being the receiving domain or authserv-id. Microsoft’s systems use authentication checks to assess the validity of an email sender. Seeing multiple domains reflects the various stages and services involved.

September 2023 - Microsoft Learn

Related resources
1Resource

What is a DKIM Signature? Keys to Email Authentication
What is a DKIM Signature? Keys to Email Authentication

What is a DKIM signature and how does it work? Learn how to add an encrypted key to emails to improve authentication and prevent scams.

Email on Acid

Related questions