Source: dmarcian Author: John Bowers URL: https://dmarcian.com/spf-record-cleanup-techniques/

ONE SENTENCE SUMMARY:

dmarcian provides guidance on avoiding SPF over-authentication by safely removing unnecessary or incorrectly placed SPF include statements from organizational domains.

MAIN POINTS:

1. Over-authentication occurs when unnecessary email sources remain in SPF records.
2. SPF statements should be regularly reviewed to remove unused email sending sources.
3. Subdomain usage is a best practice for proper SPF alignment and reducing lookup counts.
4. Active Campaign requires subdomains; remove “include:emsd1.com” from organizational SPF.
5. Adobe Marketo needs a subdomain and trusted IP; remove “include:mktomail.com”.
6. AmazonSES requires subdomains; remove “include:amazonses.com” from organizational SPF.
7. Bird (SparkPost) mandates subdomains; remove “_spf.sparkpostmail.com” or “_spf.eu.sparkpostmail.com”.
8. Cvent cannot achieve SPF alignment; rely on DKIM instead and remove “include:cvent-planner.com”.
9. Salesforce Marketing Cloud needs Sender Authentication Package; remove “include:cust-spf.exacttarget.com”.
10. SendGrid usually requires subdomains; remove “include:sendgrid.net” from organizational SPF.

TAKEAWAYS:

1. Regularly audit SPF records to maintain accuracy and avoid over-authentication.
2. Use subdomains consistently for SPF alignment to improve email deliverability.
3. Remove outdated or unnecessary SPF include statements from organizational domains.
4. Confirm no aligned email volume before removing SPF includes using SPF Surveyor.
5. Rely on DKIM when SPF alignment is not achievable (e.g., Cvent).