Why is an SPF record not required?

You might have noticed it: when you add a new email channel on Fernand, we only ask for two CNAME and a TXT record.

The TXT and one of the two CNAMEs roles are to sign the email sent using DKIM. They ensure that the content is proved to come from you. In case your domain enforce DMARC, this will pass the verification since the signing domain is the same as the sender.

Now, SPF is used to ensure that the sending server is indeed allowed to send an email from your domain. Imagine your domain being example.com. When the sending server sends an email, it uses a "Return Path" email, which is a specific email that can vary from the real sender email you would find in the "From:" field. It is that specific Return Path email that the SPF checks against.

What we do at Fernand is to not use the same From, but use one from a subdomain we ask you to setup: the second CNAME DNS entry (often called fbounces). This one points to a SPF record that includes the servers we use to send emails from.

When we send an email, we use a return path that does not ends with @example.com but with @fbounces.example.com, which then contains the appropriate SPF we need to properly deliver your conversations properly.

Was this helpful?