HubSpot Ideas

ptollinger

SPF alignment for DMARC without a dedicated IP for outgoing emails

As you know, DMARC requires for SPF not only that the SPF record has the correct IPs but that the domain used to validate against matches the sending domain.  Talking to support, this is possible with a dedicated IP but that doesn't make sense unless you are sending 100k+ emails a month. 

 

Most major email senders support this by allowing a CNAME in your domain (like hubspot.<mydomain>.com  to bounce.hubspot.com (or whatever).  This allows SPF validation in DMARC without much complexity.  It would be great if you supported this. 

 

To be clear, you can technically support DMARC as is with only DKIM which does allow alignment, but given all the ways people attempt spam identification, having both match is very useful.

12 Comentários
iarovuo
Membro

Upcoming BIMI will also require quarantine or reject policy, which means DMARC will need to be satisfied, which in turn means DKIM and SPF needs to align and pass.

 

The emails seem to have two DKIM selectors as well hs1 and hsaqkeyu1 

hs1 works as there is cname records in place for it, but why do we have another unaligned redundant selector?

ITPlannit
Membro

This is exactly the implementation required to make DMARC work correctly in reject mode and enable the implementation of BIMI.

Is it possible to find out if anyone at HS is working on this new BIMI standard, but especially the full DMARC implementation and domain alignment?

 

HS is even described in this article as not possible.

https://glockapps.com/blog/strengthen-your-brand-bimi/

hemp
Membro

Adding my +1.

 

HubSpot is defficient here relative to most other email marketing providers. This should be a relatively simple project given that SPF CNAMEs are already supported.

MPrentice
Participante

This is significantly impacting our business as well. It's disheartening that there isn't a clear statement that work is in progress to make this better. The only thing I've seen from HubSpot is a community manager post saying that SPF Alignment failures are just fine and can be ignored and offering an undocumented custom emailfrom add-on to solve this.

Momenta
Colaborador(a)

So let me get this straight - a tools focused on online marketing can't do even basic email authentication. Forgive me, but **bleep** Hubspot? I just implemented a new Valimail email sendability assessment, and it tells me our score is low because Hubspot.  What is status to fix this???

PDodd5
Membro

+1 To this.

 

Our other email providers allow us to customise the stmp.mailfrom address via a CNAME. 

 

It's only emails from hubspot now that are failing DMARC for SPF.

 

 

Lumen5KJ
Participante

Heads-up to everyone following. Please consider upvoting this Idea, which is closely related to this one. Hopefully, we can collectively get more visibility on both Ideas so that it gets flagged for consideration by the HubSpot product team.

rlevans
Participante

Adding my support for this idea here. Hubspot accounts for about 60% of our email volume. All of it is SPF unaligned. When we view our deliverability reports with Google and other inbox providers we are constantly dinged by having such a high volume of email from a domain that is unaligned. 

 

I'm surprised there has been no response to this thread from anyone on the Hubspot product team. 

MoritzZHh
Membro

Would be great to finnaly have this!

plillevold
Membro

Arriving here to add my strong vote to this feature. Our HubSpot traffic have 0% SPF alignment, unlike other providers (MS, SendGrid, Freshdesk) we use that have 95-100%. Initially, I thought we were doing something wrong in our SPF configuration setup for HubSpot marketing email. After a long conversation with HubSpot Support it became clear that it is the lack of support for aliasing the "Mail From" that prevent HubSpot email to be SPF aligned.

As others have stated in this thread, and as other providers have done, this is clearly possible to implement. 

It is disheartening to see that this idea have been promoted here a long time ago, yet without any attention from HubSpot.

 

mattdickson
Membro

+1 to this idea. Very disappointed that HubSpot are not addressing the issue.

Please add it to the roadmap and advise when we can set a custom return path to alleviate SPF failures or otherwise advise why you are opting not to do it.

Thanks!

groves
Participante

The ability to define a custom Return-Path header is related to this and discussed at https://community.hubspot.com/t5/HubSpot-Ideas/Define-custom-Return-Path-without-a-dedicated-IP/idi-...