["48432.js","47514.js","14759.js"]
["48418.css","16238.css","15731.css","15730.css","15516.css","14755.css","14756.css"]
["14757.html"]
  • Log In
  • Sign Up
  • Contact Us
PowerDMARC
  • Features
    • PowerDMARC
    • Hosted DKIM
    • PowerSPF
    • PowerBIMI
    • PowerMTA-STS
    • PowerTLS-RPT
    • PowerAlerts
  • Services
    • Deployment Services
    • Managed Services
    • Support Services
    • Service Benefits
  • Pricing
  • Power Toolbox
  • Partners
    • Reseller Program
    • MSSP Program
    • Technology Partners
    • Industry Partners
    • Find a partner
    • Become a Partner
  • Resources
    • What is DMARC? – A Detailed Guide
    • Datasheets
    • Case Studies
    • DMARC in Your Country
    • DMARC by Industry
    • Support
    • Blog
    • DMARC Training
  • About
    • Our company
    • Clients
    • Contact us
    • Book a demo
    • Events
  • Menu Menu

Do I Need SPF for Subdomains?

Blogs
SPF for subdomains

Unlike DMARC, SPF works differently with subdomains. If you’re wondering if you should configure SPF for subdomains and whether policies are to be separately implemented for your subdomains, this article might be helpful for you. Read more about how DMARC works with subdomains here. 

To do a quick recap, your domain’s DMARC policy automatically applies to your subdomains. That is, if you have a DMARC record in place for company.com with a DMARC policy of p=reject published on company.com, any mail sent from subdomains like support.company.com or marketing.company.com will inherit the same DMARC policy as the root domain without having to manually configure individual sp (subdomain policy) DMARC tags. 

Now let’s dive into managing SPF for subdomains: 

How does SPF work with Subdomains?

SPF policies do not automatically get inherited by subdomains. If you use SPF to authenticate your emails and you are sending emails using subdomains, you would need to individually configure SPF records for these subdomains by making modifications to your DNS entries. 

For example, 

company.com has the following SPF record: 

v=spf1 include:spf.domain.com include:spf.xyz.net -all 

However, instead of sending emails directly from company.com which is your root domain, you are sending emails from marketing.company.com, a subdomain based on your root domain. Email receivers will return a no SPF record found error due to the lack of an SPF record for your subdomain.

Creating an SPF record for your subdomains

To create an SPF record for your subdomains: 

  1. Head over to the SPF record generator tool
  2. Enter information pertaining to any third parties you may be using to send emails on behalf of your subdomain (e.g. SendGrid, Zendesk, etc)
  3. Hit the “generate SPF record” button to let the AI generate an error-free TXT record for you
  4. Copy this record to your clipboard

Publishing your subdomain’s SPF record

To publish SPF for subdomains: 

  1. Gain access to your DNS management console as an administrator
  2. Navigate to your DNS settings page to edit/add DNS records
  3. Make sure your subdomain is registered on the portal, click on “Add new record”
  4. Create a new record in the “Add new record” pop-up box

Record type: TXT
TTL: 1 hour
Host: (your subdomain name)
Value: Paste your generated SPF record here

Note: The name of each criterion and the process for adding a new record varies depending on the DNS provider you use. For any confusion, please get in touch with your hosting provider.

Why do you need SPF for subdomains (and domains)?

When you send an email, the receiving server performs a DNS lookup to query the sending subdomain’s (or domain) DNS for an SPF record. When found, it now checks whether the sender’s IP address matches any of those specified in the record. A match implies that the domain owner has delegated authority to that domain for transferring emails on its behalf. If it is not a match the email fails the SPF check. 

Cybercriminals might be forging your domain name to send fake emails to your clients in order to defraud them. Having an SPF record in place helps prevent unauthorized parties from sending emails from your domain. This is why it is important to set up SPF for subdomains and root domains separately to ensure well-rounded protection against impersonation. 

What does an SPF record look like?

Given below is an SPF record for your reference:

spf for subdomains

If you are facing issues in email deliverability, you should check your SPF record for any syntactical errors. Look for redundant spaces in your record and make sure it’s all in one line. If you’re still having troubles, deploy safe SPF with PowerDMARC. We help you streamline your SPF deployment process so you never face configuration or authentication issues.

 

spf for subdomains

  • About
  • Latest Posts
Syuzanna Papazyan
Syuzanna works as a Visual Designer at PowerDMARC.
She is artistic person with innovative ideas and designs.
Latest posts by Syuzanna Papazyan (see all)
  • How to Implement Mail Domain Authentication in Your Email Infrastructure - February 22, 2023
  • How to fix “SPF alignment failed”? - January 3, 2023
  • Why does DKIM fail? - January 2, 2023
April 21, 2022/by Syuzanna Papazyan
Tags: do i need to add a txt spf record for subdomains, spf a mechanism for subdomains, spf for subdomains, spf record for subdomains, spf subdomain example, spf subdomain spoofing, spf wildcard subdomain
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on LinkedIn
  • Share by Mail

Secure Your Email

Stop Email Spoofing and Improve Email Deliverability

15-day Free trial!


Categories

  • Blogs
  • News
  • Press Releases

Latest Blogs

  • phishing email
    What is a Phishing Email? Stay Alert and Avoid Falling Into the Trap!May 31, 2023 - 9:05 pm
  • How to fix “DKIM none message not signed”
    Fix “DKIM none message not signed”- Troubleshooting GuideMay 31, 2023 - 3:35 pm
  • SPF Permerror - Too many DNS lookups
    Fix SPF Permerror: Overcome Too Many DNS LookupsMay 30, 2023 - 5:14 pm
  • Top 5 Cybersecurity Managed Services in 2023
    Top 5 Cybersecurity Managed Services in 2023May 29, 2023 - 10:00 am
logo footer powerdmarc
SOC2 GDPR PowerDMARC GDPR comliant crown commercial service
global cyber alliance certified powerdmarc csa

Knowledge

What is Email Authentication?
What is DMARC?
What is DMARC Policy?
What is SPF?
What is DKIM?
What is BIMI?
What is MTA-STS?
What is TLS-RPT?
What is RUA?
What is RUF?
AntiSpam vs DMARC
DMARC Alignment
DMARC Compliance
DMARC Enforcement
BIMI Implementation Guide
Permerror
MTA-STS & TLS-RPT Implementation Guide

Tools

Free DMARC Record Generator
Free DMARC Record Checker
Free SPF Record Generator
Free SPF Record Lookup
Free DKIM Record Generator
Free DKIM Record Lookup
Free BIMI Record Generator
Free BIMI Record Lookup
Free FCrDNS Record Lookup
Free TLS-RPT Record Checker
Free MTA-STS Record Checker
Free TLS-RPT Record Generator

Product

Product Tour
Features
PowerSPF
PowerBIMI
PowerMTA-STS
PowerTLS-RPT
PowerAlerts
API Documentation
Managed Services
Email Spoofing Protection
Brand Protection
Anti Phishing
DMARC for Office365
DMARC for Google Mail GSuite
DMARC for Zimbra
Free DMARC Training

Try Us

Contact Us
Free Trial
Book Demo
Partnership
Pricing
FAQ
Support
Blog
Events
Feature Request
Change Log
System Status

  • Français
  • Dansk
  • Nederlands
  • Deutsch
  • Русский
  • Polski
  • Español
  • Italiano
  • 日本語
  • 中文 (简体)
  • Português
  • Norsk
  • Svenska
  • 한국어
© PowerDMARC is a registered trademark.
  • Twitter
  • Youtube
  • LinkedIn
  • Facebook
  • Instagram
  • Contact us
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Security Policy
  • Compliance
  • GDPR Notice
  • Sitemap
PowerDMARC partners with Cipher for Saudi ArabiaPowerDMARC CipherPowerDMARC Channel NextPowerDMARC partners with Channel Next for UAE
Scroll to top
["14758.html"]