SPF alignment for DMARC without a dedicated IP for outgoing emails
As you know, DMARC requires for SPF not only that the SPF record has the correct IPs but that the domain used to validate against matches the sending domain. Talking to support, this is possible with a dedicated IP but that doesn't make sense unless you are sending 100k+ emails a month.
Most major email senders support this by allowing a CNAME in your domain (like hubspot.<mydomain>.com to bounce.hubspot.com (or whatever). This allows SPF validation in DMARC without much complexity. It would be great if you supported this.
To be clear, you can technically support DMARC as is with only DKIM which does allow alignment, but given all the ways people attempt spam identification, having both match is very useful.
Upcoming BIMI will also require quarantine or reject policy, which means DMARC will need to be satisfied, which in turn means DKIM and SPF needs to align and pass.
The emails seem to have two DKIM selectors as well hs1 and hsaqkeyu1
hs1 works as there is cname records in place for it, but why do we have another unaligned redundant selector?
HubSpot is defficient here relative to most other email marketing providers. This should be a relatively simple project given that SPF CNAMEs are already supported.
This is significantly impacting our business as well. It's disheartening that there isn't a clear statement that work is in progress to make this better. The only thing I've seen from HubSpot is a community manager post saying that SPF Alignment failures are just fine and can be ignored and offering an undocumented custom emailfrom add-on to solve this.
So let me get this straight - a tools focused on online marketing can't do even basic email authentication. Forgive me, but **bleep** Hubspot? I just implemented a new Valimail email sendability assessment, and it tells me our score is low because Hubspot. What is status to fix this???
Heads-up to everyone following. Please consider upvoting this Idea, which is closely related to this one. Hopefully, we can collectively get more visibility on both Ideas so that it gets flagged for consideration by the HubSpot product team.
Adding my support for this idea here. Hubspot accounts for about 60% of our email volume. All of it is SPF unaligned. When we view our deliverability reports with Google and other inbox providers we are constantly dinged by having such a high volume of email from a domain that is unaligned.
I'm surprised there has been no response to this thread from anyone on the Hubspot product team.
Arriving here to add my strong vote to this feature. Our HubSpot traffic have 0% SPF alignment, unlike other providers (MS, SendGrid, Freshdesk) we use that have 95-100%. Initially, I thought we were doing something wrong in our SPF configuration setup for HubSpot marketing email. After a long conversation with HubSpot Support it became clear that it is the lack of support for aliasing the "Mail From" that prevent HubSpot email to be SPF aligned.
As others have stated in this thread, and as other providers have done, this is clearly possible to implement.
It is disheartening to see that this idea have been promoted here a long time ago, yet without any attention from HubSpot.
+1 to this idea. Very disappointed that HubSpot are not addressing the issue.
Please add it to the roadmap and advise when we can set a custom return path to alleviate SPF failures or otherwise advise why you are opting not to do it.
