Becoming DMARC compliant should be the goal of any brand that sends email to current or potential customers. Sender Policy Framework (SPF) is a component of DMARC compliancy and an email authentication protocol that allows a domain owner to specify which mail servers are used to send email from that specific domain. Once you have DMARC set up and begin reviewing your Delivery Center SPF reports, both SPF authentication and alignment categories will be focal points of your data.
Authentication and Alignment
SPF is evaluated on two levels for DMARC compliance: authentication and alignment. DMARC relies on these standards to reach full compliance. Therefore, each measure must pass for DMARC to be properly applied to your brand’s emails.
When a correspondence is received, the inbox will perform tests to verify the message was sent from an IP address or third-party provider you designated in your SPF record. If you haven’t published an SPF record for all domains/subdomains that send email on your behalf, you should do so now.
An email passes SPF authentication when delivered from an IP address published in the SPF policy for the domain found in the “mail from” envelope. On the other hand, messages fail SPF authentication when delivered from an IP address NOT published in the SPF policy for the domain found in the “mail from” envelope. That’s the short and sweet of authentication.
Learn More About SPF Authentication [link to related content]
Alignment is another SPF test that consists of inboxes checking whether the sending domain (in multiple parts of the message) matches. Emails pass this assessment when the <From:> header visible to the receiver matches the domain used to authenticate SPF (e.g., envelope “mail from:” domain). When a message fails SPF alignment, the <From:> header visible to the recipient DOES NOT match the domain used to authenticate SPF. In a nutshell, the “from” designator holds the key to SPF alignment.
To achieve 100% DMARC compliance, authentication and alignment must pass their respective test. Specific to your brand, confirming both SPF authentication and alignment function correctly helps the domain achieve optimal DMARC compliance, resulting in higher email delivery rates to intended inboxes and less spoofing/phishing attacks. What business doesn’t want that?