SPF and DKIM required for reply to domain? | Community
Skip to main content
Alok_biswas
Alok_biswas
New Participant
February 21, 2024
Solved

SPF and DKIM required for reply to domain?

  • February 21, 2024
  • 1 reply
  • 3593 views

Do we need to have SPF and DKIM to be set for the reply to domain (for ex: domain.com), if it's different from sender domain (for ex: from.domain.com)?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by SanfordWhiteman

Nope! In fact in a standard shared Marketo instance, there’s no reason to update any SPF records at all. (The header From: is not used by SPF, only the envelope MAIL FROM is used. And a standard instance doesn’t use your domain in the MAIL FROM, it uses the Marketo-controlled <nnnn>.mktomail.com.)

1 reply

SanfordWhiteman
SanfordWhitemanAccepted solution
New Participant
February 21, 2024

Nope! In fact in a standard shared Marketo instance, there’s no reason to update any SPF records at all. (The header From: is not used by SPF, only the envelope MAIL FROM is used. And a standard instance doesn’t use your domain in the MAIL FROM, it uses the Marketo-controlled <nnnn>.mktomail.com.)

Alok_biswas
Alok_biswasAuthor
New Participant
February 22, 2024

Hi @sanfordwhiteman ! we're using a dedicated IP and not a shared.

 

I'm bit confused about this as I know that if we are using company domain in the from address then we need set SPF and DKIM for better deliverability: "a standard instance doesn’t use your domain in the MAIL FROM, it uses the Marketo-controlled <nnnn>.mktomail.com."

 

Please can you elaborate the working logic here? It would be helpful. Marketo instance with shared IP doesn't need SPF and DKIM? 

 

Current we have set SPF txt record and DKIM key for our email sending domain i.e, the sub domain of our root domain. But we want to use the root domain (where we haven't set any SPF and DKIM) for our reply to address. So just to re-confirm we don't need to set any SPF and DKIM for the reply to address? or we need to do any config at Marketo end for reply to  address?

SanfordWhiteman
SanfordWhiteman
New Participant
February 22, 2024
we're using a dedicated IP and not a shared.

It’s less about the dedicated IP as about your branded envelope sender domain, if you have one.

 

The branded envelope sender will not be example.com, it’ll be a subdomain like bounces.example.com. That domain should have an SPF record that includes the Marketo IP range.

 

But no matter what, your zone apex example.com does not need to be concerned about Marketo + SPF. Again, SPF is only checked for the MAIL FROM/envelope sender/return-path/reverse-path domain.

 

Marketo instance with shared IP doesn't need SPF and DKIM? 

Correct. This is widely misunderstood.In fact, unnecessarily adding Marketo to your zone apex‘s SPF record can even be destructive, making the whole record unusable (because it goes over SPF DNS lookup limits).

 

So just to re-confirm we don't need to set any SPF and DKIM for the reply to address? or we need to do any config at Marketo end for reply to  address?

You do not need to configure anything in DNS for the Reply-To: header.

    Terms & ConditionsAccessibility statement

    Loading footer...