1. Help Center
  2. DMARC Analytics
  3. How does Return-Path apply to SPF and DMARC?

How does Return-Path apply to SPF and DMARC?

A Return-Path is a header field that designates the email address where bounced messages and other feedback are sent. So, if an email can’t be delivered to the intended recipient, it is returned to the Return-Path email address. The Return-Path email address is invisible when the message is sent and received. However, it can be found in the appropriate header field.

In addition to Return-Path, there are other variations of the name such as Bounce address, Envelope from, Envelope sender, and MAIL FROM.

“Return-Path” email address in the headers

Return-Path and SPF Authentication

With regard to SPF, the domain used in the Return-Path email address is the one where the receiving mail server gets an SPF record (TXT DNS record).

When it retrieves the record, it looks at the list of approved IP addresses that are allowed to send email messages on behalf of the domain used in the Return-Path address. The mail server compares approved IP addresses to the IP address that sent the message. If the sender’s IP is among the approved IP, the email passes SPF authentication. If it fails, the message is most likely spam.

Return-Path and SPF Alignment (Evaluation)

Return-Path is also critical to passing the SPF Alignment test (it can also be called SPF Evaluation). This test is part of DMARC, where a message must either pass both SPF Authentication and Alignment tests or pass both DKIM Authentication and Alignment tests to be considered DMARC Compliant.

SPF Alignment (or SPF Evaluation) means that the domain used in the Return-Path email address must match the domain used in the From email address (the one that you can see in an email client when reading an email).

For example, if you send emails from test.com, but the Return-Path uses bounce.domain.com, you can still pass SPF and DKIM authentication. However, SPF Alignment will fail because the Return-Path and “From” addresses aren’t using the same domain.

In GlockApps DMARC Analytics, the Return-Path domain is shown as SPF Domain. The result of the SPF Alignment (Evaluation) test is shown in the SPF EVAL column.

SPF Alignment (Evaluation) failed

When the Return-Path domain is bounce.domain.com and emails are sent from bounce.domain.com or domain.com, an email will pass SPF Alignment and DMARC.

SPF Alignment (Evaluation) passed

Why Use a Customized Return-Path

Using a customized Return-Path becomes a must-have if you have a DMARC authentication implemented for your domain. A custom Return-Path ensures that the message passes the DMARC check and is delivered when DKIM Alignment fails. It is extremely important when you start using DMARC with the “quarantine” or “reject” policy. Moreover, it helps make your emails look more professional and trusted, and increases overall deliverability.

To set up a custom Return-Path, adding a CNAME record with your DNS service provider is required. Once added, the custom Return-Path domain will override the default Return-Path value provided by your email service provider for all your outbound messages.

It is advised that you contact your email service provider for information about the Return-Path customization. Almost all reputable email service providers allow senders to set up a custom domain for Return-Path. If your ESP doesn’t, it makes sense to look for a different one where you can send emails that are SPF, DKIM, and DMARC aligned.

Updated on December 10, 2021

Was this article helpful?

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support

Leave a Comment