0

It's my understanding that SPF works on the envelope sender/return-path/RFC5321.MailFrom domain. We use a third party email service called Campaign Monitor and their domain has the required SPF record. Emails that are sent have their domain as the envelope sender/return path.

I'm now reading this from Google:

The SPF record for your domain should reference all email senders for your domain. If third-party senders aren't included in your SPF record, messages from these senders are more likely to be marked as spam.

Source: https://support.google.com/mail/answer/81126

And this from Campaign Monitor:

However, it is an optional but recommended step to include our servers in an SPF record for your domain.

Source: https://help.campaignmonitor.com/email-authentication#spf

Suggestion that "some local anti-spam services" may require this:

While we handle SPF for you, some anti-spam services on your local network may be particularly strict, requiring our domain to be added to your own existing SPF record

Source: https://help.campaignmonitor.com/allowlist-campaign-monitors-addresses#spf

Possibly relevant article:

Another day, another ESP telling a client to publish a SPF include for the wrong domain.

Source: https://wordtothewise.com/2022/06/stop-with-the-incorrect-spf-advice/

Why are we being told that we should add their domains to our own domain's SPF record? Who are these "anti-spam" services that aren't following the rules?

2
  • Are you sure that they are using their own domain, everything on their points to me that you guys only use their platform with your own domain.
    – Turdie
    Commented Dec 21, 2023 at 10:14
  • Positive. The smtp.mailfrom in the message headers is an address @cmail20.com which belongs to Campaign Monitor Commented Dec 21, 2023 at 10:47

1 Answer 1

0

It's my understanding that SPF works on the envelope sender/return-path/RFC5321.MailFrom domain. ... Emails that are sent have their domain as the envelope sender/return path

Yes, technically you don't need it, however:

  1. There are many implementations of SPF validation, at least some of them may not be compliant.

  2. When your envelope sender does not match the From header, most providers will increase your spam score (hence 1 may be deliberate)

We use a third party email service called Campaign Monitor...Emails that are sent have their domain as the envelope sender/return path

Hmmmm. Although I imagine this will simplify capturing bounce stats.

6
  • I don't see how point 2 is relevant. Google stipulating the requirement in their "2024 email sender guidelines" feels like more than pandering to non-compliant filters. Commented Dec 21, 2023 at 14:04
  • Google only make rules for google. Not the entire internet. As far as email is concerned, most people make up their own.
    – symcbean
    Commented Dec 21, 2023 at 14:16
  • The 2024 sender requirements are a collaboration between the major players, including Google and Yahoo Commented Dec 21, 2023 at 14:19
  • You are conflating Google's policy, other operators policy and rfc7208.
    – symcbean
    Commented Dec 21, 2023 at 17:01
  • Just trying to understand why ESPs are seemingly giving bad advice as to where to publish SPF records and indeed if this is not bad advice, why. Ultimately do I need to liaise with my clients and get new SPF records added as a result of "new" requirements being touted by Google and Yahoo. Commented Dec 22, 2023 at 15:10

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .