HubSpot Ideas

wilsontayar

Define custom Return-Path without a dedicated IP

Currently, if the portal does not have the dedicated IP add-on, all e-mails are sent using a "hubspotemail.net" domain in the "Return-Path" header.

By doing so HubSpot is breaking SPF Alignment rules. SPF and DKIM alignment are positive indicators and should be considered for the security of users, even those that do not need a dedicated IP setup. 

 

Competitors are already offering this feature with a simple CNAME entry, see: https://postmarkapp.com/support/article/910-how-do-i-add-a-custom-return-path 

 

Without proper return-path values, all DMARC reports and Google's Postm Authentication reports show SPF fails, making it harder to detect problems and postponing companies to fully implement DMARC's quarantine/reject policies.

42 Replies
RussAnderson
Member

My understanding is that a DMARC pass happens when either of the DKIM or SPF check passes, you don't need both. It's bewilderingly terrible that hubspot can't properly support SPF, a most basic of email security features, but so long as the DKIM works the DMARC will pass and Google/Yahoo will allow it.

GabrielRobert
Member

Email deliverability is a priority.