All Collections
Learn about DMARC
Authenticating bounce messages with SPF and DKIM with regards to DMARC
Authenticating bounce messages with SPF and DKIM with regards to DMARC

Information on bounce messages, the way they operate and how to authenticate them with respect to SPF and DKIM.

Ivan Kovachev avatar
Written by Ivan Kovachev
Updated over a week ago

SPF

SPF is based on two authenticated identifiers: RFC5321/MAIL-FROM or in the case of bounce messages where the MAIL-FROM is left blank it is based on the RFC5321/HELO-EHLO identifier.

It can be seen that in order to SPF authenticate a bounce message with respect to DMARC the HELO/EHLO hostname of the client has to align with the RFC5322/From address found in an email. This means that your SPF record should include the HELO/EHLO domain in DNS and be configured appropriately.

DKIM

In cases where it is not possible to align the HELO/EHLO hostname to the From address of an email, DKIM signing can be used where the "d=" domain matches the From domain. Mail flow is often indirect and in those cases DKIM is the preferable protocol to SPF and increases the chances of emails being delivered.

Did this answer your question?