For our support team, SPF-related questions crop up a lot! But since 2019, when we switched from SPF/DKIM verification to VERP (Variable Envelope Return Path), we do all the SPF bizzle behind the scenes!
What is SPF (Sender Policy Framework Record)?
Updating your SPF record is extremely important when using an external SMTP provider. When your emails arrive to an incoming server, the incoming server will check the SPF record to again see ‘who’ has permission to send on a domain’s behalf! SMTP2GO now implements a clever method of SPF checking using a CNAME instead. This gives many advantages over the standard SPF record, including better security and easy DNS verification.
What the VERP?
SMTP2GO now sends mail with a return-path email address at a subdomain of your sender domain name (all of the necessary information and CNAME values can be found within the Verified Senders section of your dashboard).
For maximum email delivery rates and better branding, it is important to add any domain names (that you send emails from) to the Sending > Sender Domains page. Adding a sender domain means that SPF and DKIM are automatically handled by us.
If you don’t set up a sender domain, SMTP2GO signs all emails with our own DKIM signature. This means that some recipients will see emails as being delivered “via smtpcorp.com” or “via smtp2go.com”.
Previously, we would simply send emails using the exact same return-path email address as the one in your ‘From’ header. As the SPF protocol checks the domain name of the return-path email address, it will pass as there will be a CNAME pointing to us (and we maintain a correct SPF record at the subdomain it points to).
In a nutshell…
The return.smtp2go.net CNAME record handles the SPF verification for your domain. This is the new industry standard means of verification and does not require you to include us on your own publically available SPF, which makes things more secure!
Once the CNAME records for the sender domain have been updated correctly (within the DNS provider’s dashboard), your domain will show as ‘Verified’ on your Verified Senders page.
If the domain is not verifying, however, one possible problem could be that you have multiple DNS servers, and one or more of them are not reporting the correct result.
It’s still not verifying… What can I do?
You can search for cname:hostname.com:all at MxToolbox, which will show the results from each of your individual DNS servers. Make sure to replace hostname.com with the particular CNAME hostname that you are trying to verify (e.g. em100.yourdomain.com). You can also hover your mouse over the red/orange exclamation symbol on the Sender Domains page, to see any error message in a tooltip.