Skip to content
  • There are no suggestions because the search field is empty.

SPF Reporting and Performance

This content explains Delivery Center's SPF Performance feature.

SPF for Verified Sources

The first thing you will notice is a list of Verified Sources that you are using to send email (the exact same list seen in the Verified Sources section). This service verifies that the sources you told us you send mail from are included in your SPF.

If the sources are not in your SPF, you can add them by clicking the Add Verified Sources button. It is a critical problem if you have senders that are not in your SPF. To help correct this issue, a section called “Recommended SPF Record Change” is shown on the SPF Configuration page with changes to correct the problem. Simply hit the “Publish” button. The changes will be published and the problems will be corrected. *Note: You need to host your SPF record with MxToolbox to have us publish those changes directly.

If your record is not hosted with MxToolbox, simply copy the recommendations. Then, log in to your DNS hosting provider and replace the existing SPF record with the one you just copied.

Click here to see your SPF Performance data.

spf_performance

Delivery Errors with SPF

If you have no errors with any of those sources, you will need to pay attention to the “SPF Policy Pass Rate” because this is the percentage of emails that are passing both authentication and alignment for SPF (in other words, DMARC Compliant). Correcting low scores here is crucial to improving your overall DMARC score.

Other Items in the Report

  • SPF Mechanism: This is the value that the sender requires in your SPF record in order to ensure email deliverability from that email source.
  • SPF Policy Pass Rate: This displays the rate and count of emails that, during SPF validation, the email passes both authentication tests and alignment tests. A pass in both of those categories for an email means that the email is DMARC Compliant.

What is an Aligned Domain?

An email passes SPF Alignment when the domain in the "Mail From" field matches the domain in the "From" field. These are emails that are using your domain as a sender, which means that they are purporting to be legit mail from you.

How to Find and Solve Problems

  1. First, you will want to look at the Reported Email Volume column to get an idea if there is an abundance of mail associated with the domain. Your root domain likely will have the bulk of your volume.
  2. Check the SPF Record column for a red X or a green check. If you have a green check, your record does not have any problems. If you have a red X, click the "Inspect" link to get more details.
  3. Next, look at the SPF Authentication Pass and SPF Authentication Fail columns; most mail should pass. There will be some failures, but the vast majority of messages from a legitimate source should pass authentication. For a quick assessment, look at the status column to know if more than 10% of your emails are failing authentication.
  4. Expand the row to view data on IP addresses sending mail for this domain. If an IP is from a legitimate source, it should be in your SPF Record. The SPF Record column will check the IP against your SPF record to see if it is present.
  5. If an IP is not in your record, check the Outbound Email Source column. If the sender is one you recognize, you may need to add them as a Verified Source or check the SPF Configuration page to ensure your SPF record is up to date.

What about the IPs that are from senders I do not recognize?

There will almost always be IPs from senders that you do not recognize. These are either forwarders or attempts to spoof your domain. In most cases, the relative email volume from these will be low. However, if there is a high volume, it should be investigated to ensure it is not a legitimate source you have not verified or else it might be an active spoofing attack. You can use the "Open a support ticket" link at the upper right to get help from an MxToolbox expert.

What about SPF Unaligned Domains?

In most cases, these will be forwarders or spoof attempts. Therefore, you do not necessarily need to take action.

In other cases, they might be a legitimate sender who does not allow a custom return path domain. Say you send from a 3rd party, such as "Wesendyouremail", and they always send from wesendyouremail.com, so it shows up as not aligned. This is commonly shown to the recipient with a message, such as "Sent via" in the "From" address. If this is the case, you should check to make sure the sender does not offer custom return path domains. If they do not, these messages will continue to SPF Unaligned.