This article contains information on configuring SPF Delegation, managing known and custom senders, and publishing DNS SPF records, including benefits like expanded lookups and automated delegation management.

Key Features and Functionalities

Instructions for SPF Delegation

• At the top of the page, users are provided with clear instructions on how to configure SPF Delegation for their domain.
• Links to additional resources, such as a default guide, are available to assist users in completing the setup.

Enabled Senders

• Displays a list of Known Senders (e.g., Amazon SES, G Suite, HubSpot) that are already authorized to send emails on behalf of the domain.
• Users can remove any sender from the list by clicking the X icon next to the sender's name.

Custom Senders

• Displays a list of Custom Senders (e.g., Teleperformance) that have been manually added by the user.
• Users can remove any custom sender by clicking the X icon next to the sender's name.

Add Known or Custom Sources

Add Known Source:

• Allows users to select from a predefined list of trusted email service providers (e.g., Salesforce, Microsoft 365).
• Simplifies the process of adding commonly used senders to the SPF Delegation.

Add Custom Source:

• Enables users to manually add a custom sender by specifying the sender's details.
• Useful for authorizing less common or internal email sources.

DNS Entries

• Provides the SPF DNS record that needs to be published in the domain's DNS settings to enable SPF Delegation.

TXT Record:

• Displays the SPF record in both compressed and normalized formats for easy implementation.
• Example:
  • Compressed: A compact version of the SPF record for DNS entry.
  • Normalized: A more readable version of the SPF record for review and troubleshooting.

Copy Functionality:

• Users can copy the DNS record to their clipboard for quick and accurate implementation.

Warning Message:

• Alert users to ensure the DNS record is published correctly to activate SPF Delegation.

Advantages of SPF Delegation

• Allows having more than 10 lookups.
• Authorized sources are added to the DNS Delegation service and are periodically checked for changes.
•  DNS Delegation will check all sources permitted to send an email on your behalf, including nested lookups, and will process their contents into chunks no bigger than a UDP package allows.
• Eliminate duplicate SPF entries: the DNS Delegation service will filter out duplicate sources.

The image below illustrates a standard SPF lookup:

The image below illustrates a delegated SPF lookup:

Domain setup for SPF delegation 

At the top of the page, you are provided with clear instructions on how to configure SPF delegation for your domain.

1. Log into Mimecast Administration Console
2. Navigate to More Services | DMARC Analyzer 2.0 | DNS Delegation
3. Select the domain to be updated from the Delegated Domains.
4. Click on the three dots (•••) on the left.
5. On the pop-up widget, click Edit SPF Delegation
6. Click Add Known Source to select from a predefined list of trusted email service providers (e.g., Salesforce, Microsoft 365), or click Add Custom Sources to manually add a Custom Sender by specifying the sender's details.
7. Enabled Senders displays a list of Known Senders (e.g., Amazon SES, G Suite, HubSpot) that are already authorized to send emails on behalf of the domain.
8. Custom Senders displays a list of Custom Senders (e.g., Teleperformance) that have been manually added by you.

9. DNS Entries provides the SPF DNS record that needs to be published in the domain's DNS settings to enable SPF Delegation.

• TXT Record:
  • Displays the SPF record in both compressed and normalized formats for easy implementation.
  • Example:
    • Compressed: A compact version of the SPF record for the DNS entry.
    • Normalized: A more readable version of the SPF record for review and troubleshooting.