What domain is checked for SPF alignment? (Return-Path vs From)

Still have a question, spotted an error, or have a better explanation or a source we should cite?

Here's the thing that trips up a lot of folks: SPF and DMARC check two totally different domains. SPF aligns against the Return-Path domain (also called the envelope sender or MAIL FROM). DMARC, on the other hand, compares that Return-Path domain to the From header domain to see if they match.

Here's why this matters. Your mail server might pass SPF validation because it's authorized to send from your domain. But if you're using an email service provider (ESP), they often send mail on your behalf using their own Return-Path domain. That means SPF passes, but the Return-Path doesn't match your From header, so DMARC fails. You've got a deliverability problem even though SPF technically worked.

The fix is getting your ESP to either sign mail with your DKIM domain (more reliable) or use your domain as the Return-Path. Check out how to fix alignment issues for the step-by-step approach. See also: how DKIM alignment works.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Explain SPF vs DMARC alignment domains

Explain the difference between the Return-Path domain checked by SPF and the From header domain in DMARC alignment. Include why ESPs often break SPF alignment and what that means for deliverability.

Edit the yellow boxes, then send to the AI of your choice.