Will SPF and DKIM on a subdomain but delivering emails through a main domain cause an issue?

Summary

Experts, marketers, and documentation consistently indicate that using a subdomain for sending emails is a common and acceptable practice, provided that SPF and DKIM are correctly configured for that subdomain. SPF authenticates the 'MAIL FROM' address (return-path), while DKIM authenticates the message content via a digital signature. Although SPF and DKIM do not authenticate the 'From' header, the alignment of these authentications with the sending subdomain is crucial for deliverability and for passing DMARC checks. Monitoring the subdomain's reputation and setting up general email authentication is essential for good delivery rates and for ensuring recipients recognize the sender. Poor sending practices can significantly impact deliverability.

Key findings

  • Subdomain Usage: Using subdomains for sending emails is a common and recommended practice.
  • Authentication Scope: SPF authenticates the 'MAIL FROM' address, and DKIM authenticates the message content.
  • Alignment Importance: Alignment of SPF and DKIM with the sending subdomain is critical for deliverability and passing DMARC checks.
  • Reputation Monitoring: Monitoring the subdomain's reputation is crucial for maintaining deliverability.
  • Authentication Essential: Setting up email authentication generally is a crucial first step for ensuring proper email delivery and sender recognition.
  • Impact of Poor Practices: Poor sending practices can significantly impact deliverability rates.

Key considerations

  • Configuration Accuracy: Ensure SPF and DKIM are accurately configured for the sending subdomain.
  • Reputation Management: Actively monitor and manage the reputation of each sending subdomain to prevent deliverability issues.
  • Alignment Verification: Verify that authentication is aligned with the sending subdomain, especially with respect to DMARC.
  • Holistic Email Authentication: Implementing and maintaining proper email authentication will help ensure messages are delivered as expected.

What email marketers say
7Marketer opinions

Experts and marketers agree that using a subdomain for sending emails is a common and acceptable practice. However, it is crucial to properly configure SPF and DKIM records for that subdomain. While the 'From:' domain might be the main domain, the authentication must align with the sending subdomain to ensure deliverability and avoid spam filters. Monitoring the subdomain's reputation is also essential, as poor sending practices can negatively impact deliverability. Setting up email authentication helps recipients recognize and trust the sender.

Key opinions

  • Subdomain Usage: Using subdomains for sending emails is a common and recommended practice.
  • SPF/DKIM Configuration: Properly configured SPF and DKIM records for the sending subdomain are essential for deliverability.
  • Alignment Importance: Authentication must align with the sending subdomain, even if the 'From:' domain is different.
  • Reputation Monitoring: Monitoring the reputation of each subdomain is crucial for maintaining deliverability.
  • Authentication Necessity: Setting up email authentication is the first step to ensuring email gets delivered correctly.
  • Sender Reputation: Maintaining a good IP address and sending domain reputation is essential for good deliverability.

Key considerations

  • Proper Configuration: Ensure SPF and DKIM records are correctly set up for the subdomain.
  • Reputation Management: Actively monitor and manage the reputation of each sending subdomain.
  • Alignment Verification: Verify that authentication aligns with the sending subdomain to pass DMARC checks.
  • Sender Information: Ensuring recipients recognize that you are who you say you are is essential to improve email deliverability.
Marketer view

Email marketer from GlockApps shares that your IP address and sending domain are two of the most important factors that impact your email deliverability. Make sure that you maintain a good reputation with both of them.

May 2023 - GlockApps
Marketer view

Email marketer from Mailjet shares that using a subdomain for sending emails is a common practice, and SPF and DKIM should be properly configured for that subdomain. They emphasize that while the From: domain might be the main domain, the SPF and DKIM authentication should align with the sending subdomain to ensure deliverability and avoid spam filters.

January 2025 - Mailjet

What the experts say
3Expert opinions

Experts agree that using a subdomain for sending emails does not inherently cause issues if email authentication is properly configured. SPF and DKIM authenticate different parts of the email (return path and message, respectively), and their alignment with the sending subdomain is crucial, even if the 'From' header uses the main domain. Setting up email authentication correctly is essential for good delivery rates, as it allows receiving domains to verify the sender's identity and prevent spoofing.

Key opinions

  • Authentication Target: SPF and DKIM authenticate different parts of the email, not the 'From' header.
  • Subdomain Acceptance: Using a subdomain for sending is acceptable if authentication is correctly configured.
  • Authentication Alignment: Proper alignment of SPF and DKIM with the sending subdomain is crucial for deliverability.
  • Authentication Necessity: Email authentication is essential for good delivery rates.
  • Verification: Email authentication helps receiving domains verify the sender's identity.

Key considerations

  • Correct Configuration: Ensure SPF and DKIM are properly configured for the sending subdomain.
  • Authentication Verification: Verify that the sending subdomain's authentication is correctly aligned.
  • Sender Verification: Verify that receiving domains can recognize and verify the sender's identity to improve email deliverability.
Expert view

Expert from Word to the Wise explains that Email Authentication can be difficult to set up but is essential for good delivery rates. Email Authentication helps receiving domains verify that your mail really came from you and that it wasn't spoofed by someone else.

December 2022 - Word to the Wise
Expert view

Expert from Email Geeks explains that neither SPF nor DKIM authenticate the From header, and it's not unusual for the domains they do authenticate to be different from the one in the From header. The return path uses the mg. hostname, which is what you'd expect the SPF to authenticate. The d= in DKIM is aligned with the domain in the From. It's the ideal you aim for and will not cause any issues.

September 2021 - Email Geeks

What the documentation says
5Technical articles

Technical documentation consistently states that using a subdomain for sending emails is acceptable, provided that SPF and DKIM are correctly configured for that subdomain. SPF authenticates the 'MAIL FROM' address (return-path), while DKIM authenticates the message content via a digital signature. DMARC relies on the proper alignment of SPF and DKIM. Ensuring SPF and DKIM align with the sending domain, particularly in the 'From:' header, is crucial for passing DMARC checks and avoiding deliverability issues.

Key findings

  • Subdomain Delegation: SPF records can be delegated for subdomains, enabling sending email from a subdomain.
  • SPF Authentication: SPF authenticates the 'MAIL FROM' address (return-path).
  • DKIM Authentication: DKIM authenticates the message content with a digital signature.
  • SPF record for Subdomain: Publish the SPF record for the subdomain to authenticate the sending server when sending emails from the subdomain.
  • DMARC Alignment: DMARC relies on proper alignment of SPF and DKIM.

Key considerations

  • SPF Configuration: Ensure the SPF record includes all sending sources for the subdomain.
  • Authentication alignment: It's crucial to ensure SPF and DKIM align with the domain in the From: header to pass DMARC checks.
Technical article

Documentation from DMARC.org explains DMARC (Domain-based Message Authentication, Reporting & Conformance) relies on the proper alignment of SPF and DKIM. It's crucial to ensure SPF and DKIM align with the domain in the From: header to pass DMARC checks.

March 2025 - DMARC.org
Technical article

Documentation from DKIM specifies that DKIM authenticates the message by adding a digital signature to the email header. The 'd=' tag in the DKIM signature indicates the domain responsible for signing the message. As long as the DKIM signature verifies against the domain specified in the 'd=' tag, it should pass authentication, even if the 'From:' header uses a different domain.

December 2023 - DKIM.org