I'm interested in moving from ~all
to -all
in my SPF record in order to lock down my domain emails a bit more, but I want to know what the impacts might be (I do understand at ~ is SOFTFAIL and - is FAIL).
My domain's SPF record currently looks like this: v=spf1 include:_spf.google.com ~all
since we use Google Workspace for email. But we also use Amazon SES for our website's transactional emails (account registration, order confirmation, etc), so we have configured some CNAMES to enable that. And for our marketing emails we use Drip, which had us configure a CNAME as well, they use SendGrid underneath.
If I change my SPF from ~all
to -all
could this impact deliverability of my emails being sent via Amazon SES or Drip/Sendgrid? Instructions from Amazon and Drip do not include steps to modify my SPF record, so I'm guessing there shouldn't be an impact, but that is just a guess.
One more thing to consider is that I'm also considering making my DMARC record more restrictive as well, changing it from v=DMARC1; p=none;
(no policy) to v=DMARC1; p=quarantine;
. Would this also have have an impact on whether I should use -all
in my SPF?
Edit with additional info:
To be a little more clear I have these CNAME entries in my DNS, and these are specifically requested by my Drip provider, and Amazon SES...
Type | Name | Value |
---|---|---|
CNAME | drip.herobullion.com. | u19706134.wl135.sendgrid.net |
CNAME | o6x5araaijdl472tryvyp5tvniyzv2o2._domainkey | o6x5araaijdl472tryvyp5tvniyzv2o2.dkim.amazonses.com |