SPF (Sender Policy Framework) is a method of sender authentication. SPF protects the envelope sender address, also called the "return path," which is used for the delivery of email messages.

Protect Your Domain​

The purpose of an SPF record is to make it impossible for spammers to send messages with forged from addresses. The senders of spam often use fake email domains to increase their opening and delivery rates or for phishing attempts. SPF helps mail servers to verify the identity of the sender and reliably determine if the email comes from a legitimate source.

If you publish an SPF record for your domain, spammers and phishers are less likely to create fake emails that pretend to come from your domain. Spammers know that your emails are protected by the SPF record, and that their fake emails are more likely to be caught in spam filters. As a result, your domain is less attractive to spammers and phishers. Ultimately, your emails are more likely to reach the inbox.

The SPF Record​

SPF consists of a list of all the mail servers that are allowed to send an email on behalf of a particular domain. The list is published as an SPF record in the Domain Name System (DNS) of the sender's domain. The receiving mail servers access the SPF record to check whether the incoming email is sent from a mail server that is authorized by the domain's administrators. If the email comes from an unknown mail server, then the email is recognized as a fake. The receiving mail server rejects the email.


To send authorized email in Mapp Engage with your own domain (@mydomain.com), add the Mapp Engage mail server to the DNS record of mydomain.com. This allows Mapp Engage to send authenticated emails with your domain, @mydomain.com. The SPF record is normally set up during the initial configuration of your Mapp Engage system.

Any time you want to change the domain that you use for sendout, you must add Mapp Engage to the DNS record for that domain. You must update the DNS record even if you want to send from a subdomain of a domain for which an SPF record is already in place (for example, @sales.mybrand.com). Contact your customer representative for more information.

Check SPF Authentication with Message Check​

We recommend that you use the Message Check feature to perform an SPF check before sendout. For more information.

Once SPF is set up for a Mapp Engage system, the domain that has the DNS entry is automatically displayed as the group domain when a new group is created. The domain cannot be edited. However, it is possible to change the ​From Address​ of a group in Mapp Engage. (For more information, see Reply Handling (tab)​.) The ​From Address​ is what the recipient usually sees displayed as the sender address in different email clients. If a new ​From Address​ is entered for message sendout, the Mapp Engage system must be authorized to send from that domain. All changes after the @ sign require an SPF Record for the Mapp Engage domain.

Both the group sendout address and the ​From Address​ (if one is entered in the group settings) appear in the header information of the email.

  • The group address used for the Mapp Engage sendout is displayed in the header of the email as the SMTP Return-Path

  • The optional from address that is entered in the Mapp Engage group settings is displayed in the header as the From Address.

If the Mapp Engage system used for sendout is not authorized to send from the specified ​From Address​, the message fails the SPF check. If the Mapp Engage system is authorized to use the from address, the SPF check passes (even if the from address is different than the group sendout address). SPF does not compare the from and return path addresses.

Ideally, both addresses are the same. The addresses always match, unless a different from address is manually added in the group settings. In order to pass the DMARC check, the SMTP Return-Path address and the ​From Address​ must match.