Back to Course
Լight modeDark mode

What is SPF Alignment?

An email message is made up of several different headers. Each header contains information about certain attributes of an email message, including the date sent, where it was sent, and to who it was sent to. SPF deals with two types of email headers:

  • The <From:> header
  • The Return-Path header

When the domain in the From header and the domain in the return-path header match for an email, SPF alignment passes for that email. However, when the two are not a match, it consequently fails. SPF alignment is an important criterion that decides whether an email message is legitimate or fake.

Shown above is an example where the From: header is in alignment (exactly matches) with the Return-path header (Mail From),hence SPF alignment would pass for this email.

Why Does SPF alignment fail?

Case 1: Your SPF alignment mode is set to strict

While the default SPF alignment mode is relaxed, setting a strict SPF alignment mode can lead to alignment failures if the return-path domain happens to be a subdomain of the root organizational domain, while the From header incorporates the organizational domain. This is because for SPF to align in a strict mode, the domains in the two headers must be an exact match. However, for relaxed alignment, if the two domains share the same top-level domain, SPF alignment will pass.

Shown above is an example of a mail that shares the same top-level domain but the domain name isn’t an exact match ( the Mail From domain is a subdomain of the organizational domain company.com). In this case, if your SPF alignment mode is set to “relaxed”, your email will pass SPF alignment, however for a strict mode, it will fail the same. 

Case 2: Your domain has been spoofed

A very common reason for SPF alignment failures is domain spoofing. This is the phenomenon when a cybercriminal takes over your identity by forging your domain name or address to send emails to your receivers. While the From: domain still bears your identity, the Return-path header displays the original identity of the spoofer. If you have SPF authentication in place for your forged domain, the email inevitably fails alignment on the receiver’s side.

Case 3: Your Third-Party Email Vendors are Not Aligned 

If you are using third-party email vendors whom you are not including in your SPF record, there is a chance of misalignment. This is the most common example of SPF alignment failure and happens most often. 

This happens when you use external email vendors like Office 365 or MailChimp to send emails but don’t include their IPs in your SPF record. This makes email receivers perceive these emails as spam or impersonated.

SPF Alignment >What is SPF Alignment?
Course content
Advanced Email Authentication Course