topic Re: SPF entry not required at all in Email Deliverability

SPF entry not required at all

chas33 — Fri, 23 Apr 2021 10:46:27 GMT

For customers without a dedicated IP (not sure what the status is for dedicated IPs), is there any point to adding a SPF entry to our existing SPF record? We know that the return path cannot be modified to a custom domain name, but rather the return path will be a Hubspot domain name, therefore there will never be a SPF lookup against the a custom domain name's SPF record. Should the advice be that DKIM auth/alignment be the main authentication that is required for all customers using shared IP addresses, and until a custom return path can be utilised, there is no need for a SPF entry? Even if customers went down the path of DMARC enforcement, SPF is still not required currently.

Re: SPF entry not required at all

MiaSrebrnjak — Mon, 26 Apr 2021 10:31:49 GMT

Hi @chas33,

Thank you for reaching out to the Community!

As mentioned in this Knowledge base article, you don't need to add HubSpot to your SPF record unless you're using a DMARC policy to customize your domain authentication, or if you already have an existing SPF record.

But I wanted to tag a few subject matter experts here as well: @Jonno_Price, @Alejandro_, @KTownsend would you maybe like to share your opinion?

Thanks,

Mia.

Re: SPF entry not required at all

Jonno_Price — Mon, 26 Apr 2021 10:46:56 GMT

Thanks for tagging me @MiaSrebrnjak - I don't have anything additional to add other than to say I simply follow this: https://knowledge.hubspot.com/email/do-i-need-to-add-hubspot-to-our-spf-record

"You don't need to add HubSpot to your SPF record unless you're using a DMARC policy to customize your domain authentication, or if you already have an existing SPF record. While you don't need to update your SPF record, it's always recommended to connect your email sending domain. "

Re: SPF entry not required at all

chas33 — Mon, 26 Apr 2021 11:46:59 GMT

Thanks Mia.

Can we assume that 'customise your domain authentication' means that customers have chosen a 'strict' alignment for SPF?

Even if customers had a 'strict' alignment policy for SPF, if the return path or 'envelope from' cannot be configured to match the customer's sending domain, then in a shared IP scenario, you can never attain DMARC alignment for SPF in any case.

Re: SPF entry not required at all

chas33 — Mon, 26 Apr 2021 12:13:32 GMT

If a customer has an existing SPF record (I would say a large portion would), and they were to read the article mentioned, customers would add the SPF entry to their own SPF record. I believe this is not required in a shared IP scenario for the following reasons:

- the return path/envelope from does not match the customer's sending domain name to begin with therefore there is no SPF lookup against the customer's sending domain. The lookup will take place against Hubspot's domain name as they are listed in the envelope from/return path in a shared IP scenario.

- for those implementing DMARC, SPF alignment is not possible anyway until the custom return path can be configured to match the customer's sending domain name

- you use up 1/10 domain lookups in the SPF lookup limit for an application which does not require it

Connecting your sending domain by authenticating via DKIM makes the most sense - this will give DKIM authentication and alignment. SPF is not effective unless the lookup is made against the customer's domain name.

Re: SPF entry not required at all

billb3 — Thu, 02 Sep 2021 20:34:13 GMT

@chas33 nailed it with their answer. the majority of users don't need to set it up even if they are using DMARC or have an existing SPF record.

Re: SPF entry not required at all

christirpak — Tue, 12 Apr 2022 21:28:38 GMT

SPF is industry best practice and SPF is required for DMARC, another best practice recommended by ALL major email providers. Additionally, proper SPF alignment is required to properly implement BIMI. REQUIRED NOT OPTIONAL.
HubSpot telling people SPF is not required is completely out of alignment (pun intended) with the email industry. Not supporting SPF alignment is very limiting for customers and again, out of alignment with the industry.