Publish SPF Records and Identify Business Owners

Steps 9 and 10 in this process are iterative: you will likely publish and update SPF records for your domains as you work with the business owners in your organization and you gain confidence in the comprehensiveness of your domain records.

Similarly, as you gain more confidence, you will update your SPF records as you start with a neutral authorization (“?all”) and move to a softfail authorization (“~all”) to a fail authorization (“-all”) as you continue to monitor data.

What if my Sender doesn’t support SPF?

Some senders may only support aligned SPF from a dedicated IP address. (For example, the sender Marketo) . See Look up your SPF records at Agari, to test if an IP address is authorized in that hosted record.

In this case, to pass DMARC without the dedicated IP option you must use DKIM to sign your messages using an aligned DKIM signing domain.

Remember that the DMARC specification states that if one or both the SPF and DKIM checks succeed while still being aligned with the policy set by DMARC, then the check is considered successful; otherwise the DMARC check is set as failed.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
202404031216 | April 2024