Contents x
      SPF Record
      • 2 Minutes to read
      • Print
      • Dark
        Light
      Contents

      SPF Record

      • 2 Minutes to read
      • Print
      • Dark
        Light
      Article summary

      Overview

      The Sender Policy Framework (SPF) is an email authentication protocol that helps protect your domain from spoofing and phishing. It verifies that messages claiming to come from your domain are actually sent from servers you’ve authorized. SPF is critical for:

      • Preventing unauthorized use of your domain in the "return path" (envelope sender)

      • Improving email deliverability and sender reputation

      • Enhancing protection against phishing attacks

      Once SPF is set up, your domain becomes less attractive to spammers, making your emails more likely to reach recipients' inboxes.

      To configure SPF for your Mapp Engage system, please contact your customer service representative.

      Configuration and Behavior

      1. Understand What SPF Does

      • SPF authenticates the envelope sender address (also called the SMTP return path).

      • The SPF record lists all servers allowed to send emails on behalf of your domain.

      • It is published in your domain's DNS settings.

      • Receiving mail servers look up this record to determine whether a message from your domain is legitimate.

      • Emails sent from unauthorized servers are rejected or marked as spam.

      2. Add Mapp Engage to Your DNS

      To allow Mapp Engage to send emails using your domain:

      1. Access your domain’s DNS settings.

      2. Add or update your SPF TXT record to include Mapp’s mail servers.

      3. This authorizes Mapp Engage to send authenticated emails from addresses like @mydomain.com.

      Note: Even if your domain already has an SPF record, you must explicitly add Mapp Engage to it.

      3. Using Subdomains

      If you're sending from a subdomain (e.g., @sales.mybrand.com) that doesn’t yet have an SPF record, you must create or update the SPF record separately for that subdomain—even if the parent domain has one.

      4. Check SPF with Message Check

      Use the Message Check feature in Mapp Engage to verify SPF setup before sendout. This helps prevent authentication failures and deliverability issues.

      5. Understand SPF Behavior in Mapp Engage

      • When SPF is configured, the group domain (based on the DNS entry) is automatically assigned when you create a new group.

      • This domain cannot be edited after creation.

      • You can still manually define a From Address in the group settings.

      • This From Address must also be authorized by SPF if it’s different from the group domain.

      6. Header Behavior

      Mapp Engage distinguishes between two types of addresses in email headers:

      • Return Path = the envelope sender or SMTP Return-Path

      • From Address = the sender address visible to recipients

      Here’s how they behave:

      • If Mapp is not authorized to send from the specified From Address, the SPF check fails.

      • If Mapp is authorized to send from it, SPF passes, even if the From Address differs from the Return Path.

      • SPF does not compare these two addresses — it only checks the Return Path.

      • However, to pass DMARC, the Return Path and From Address must match.

      💡 Best practice: Keep the Return Path and From Address identical unless you have a specific reason not to.

      Was this article helpful?
      Related articles
      What's Next
      ESC

      AI Assistant, facilitating knowledge discovery through conversational intelligence