Why does SPF alignment show as 0% on Validity, even when SPF passes?
Summary
What email marketers say9Marketer opinions
Email marketer from GlockApps responds that SPF alignment issues can occur because the return-path domain is different from the from domain. They suggest checking the 'return-path' and 'from' domains to ensure they match, or configure a custom return-path domain to align with the 'from' domain.
Email marketer from Sendgrid suggests that the most common reason for SPF passing but failing to align is the use of a shared sending infrastructure where the MAIL FROM domain is different from the From domain. They suggest using a custom MAIL FROM domain or DKIM as potential solutions.
Email marketer from URIports notes that shared sending infrastructures use different domains in the MAIL FROM header. Therefore, the SPF check passes based on the IP address of the sending server used by the sending service provider. The email fails the SPF alignment check because it does not match the domain in the From header.
Email marketer from Email on Acid shares that 0% SPF alignment often occurs when using third-party sending services where the 'MAIL FROM' domain is different from the sender's domain. This is because these services use their own infrastructure for sending, affecting SPF alignment.
Email marketer from Stackoverflow comments on why SPF alignment fails is because SPF is evaluated on the 'MAIL FROM' address and DMARC often requires alignment with the 'From' header. If these don't match, SPF passes but fails to align for DMARC purposes.
Email marketer from Reddit mentions that when using third-party senders, they often use their own domains for the 'MAIL FROM' address. This allows them to manage their reputation but results in SPF passing based on their domain, not aligning with yours.
Email marketer from Email Marketing Forum adds that many ESPs send emails on behalf of their customers, and the SPF record that passes is for the ESP, not the customer's domain, which causes SPF to pass, but not align with the customer's 'From' domain. Setting up a custom domain or DKIM is suggested.
Email marketer from Mailjet states that SPF alignment issues often arise when ESPs use a subdomain or a different domain for the 'MAIL FROM' address. While SPF can still pass based on the ESP's domain, it won't align with the sender's domain unless properly configured with custom MAIL FROM settings.
Email marketer from EasyDMARC highlights that SPF alignment fails when the 'MAIL FROM' domain doesn't match the 'From' domain. Even if the SPF check passes based on the sending server's domain, it won't align with your domain, impacting DMARC compliance.
What the experts say6Expert opinions
Expert from Spam Resource explains that SPF authenticates the server sending the email but doesn't necessarily align with the domain in the 'From' header, which DMARC requires. The domains in the 'MAIL FROM' and 'From' header must match or be related for proper alignment.
Expert from Email Geeks clarifies that SPF needs to pass and be aligned for DMARC to pass, but DMARC can also pass if DKIM passes and is aligned independently of SPF. DMARC only needs one (SPF or DKIM) to pass and align in order to pass.
Expert from Email Geeks explains that if the DKIM domain (`d=`) doesn't align, DKIM can pass while DMARC fails.
Expert from Email Geeks explains that mail from several ESPs, including Mailchimp and Constant Contact, often shows 0% SPF alignment. Also unless explicitly configured, Sendgrid and Amazon SES, will also show this.
Expert from Word to the Wise explains that the reason you want alignment is to pass DMARC. SPF alignment is about making sure that the domain in the From: header is the same as the domain that was authorized to send the mail.
Expert from Email Geeks confirms that SPF can pass without alignment because passing and aligning are two different things.
What the documentation says5Technical articles
Documentation from AuthSMTP explains that the domain in the MAIL FROM and From header must match to satisfy SPF Alignment. This means that if your SPF record is configured correctly and SPF passes but your SPF alignment is still 0%, the domain in your From and MAIL FROM headers do not match, causing SPF alignment to fail.
Documentation from DMARC.org explains that for SPF to align, the domain in the 'MAIL FROM' (also known as the envelope from or return-path) must exactly match the organizational domain in the 'From' header, or be a subdomain of it, depending on whether 'strict' or 'relaxed' alignment is used. If there's no match, SPF will pass but not align.
Documentation from RFC 4408 outlines that SPF alignment requires the domain in the 'MAIL FROM' to match the domain used to evaluate DMARC. A discrepancy leads to alignment failure even if SPF passes based on the 'MAIL FROM' domain.
Documentation from Microsoft says that if you are using a third-party email service, the MAIL FROM address might be different from your domain. This can result in SPF passing based on the third-party service's SPF record but not aligning with your own domain, impacting DMARC compliance.
Documentation from Google Workspace Admin Help explains that SPF alignment fails if the domain used in the 'MAIL FROM' (envelope sender) address does not match the domain in the 'From' header address. Even if SPF passes based on the 'MAIL FROM' domain, alignment is necessary for DMARC to use SPF for authentication.