DMARC Analyzer 2.0 - SPF Delegation

Updated

This article contains information on the SPF Delegation page in Mimecast DMARC Analyzer, which provides a streamlined interface to manage SPF delegation, ensuring authorized servers can send emails on behalf of your domain to enhance authentication and reduce spoofing risks.

Enabling SPF Delegation is only a one-time setup. The current SPF record configuration needs to be updated to set up SPF Delegation, which must be published by the DNS Manager or hosting company

Advantages of SPF Delegation

  • Allows having more than 10 lookups.
  • Authorized sources are added to the DNS Delegation service and are periodically checked for changes.
  • DNS Delegation will check all sources permitted to send an email on your behalf, including nested lookups, and will process their contents into chunks no bigger than a UDP package allows.
  • Eliminate duplicate SPF entries: the DNS Delegation service will filter out duplicate sources.

The image below illustrates a standard SPF lookup:

image.png

The image below illustrates a delegated SPF lookup:

image.png

Domain setup for SPF delegation 

2025-12-09_12-08-14.png

At the top of the page, you are provided with clear instructions on how to configure SPF delegation for your domain.

  1. Log into Mimecast Administration Console
  2. Navigate to More Services | DMARC Analyzer 2.0 | DNS Delegation
  3. Select the domain to be updated from the Delegated Domains.
  4. Click on the three dots (•••) on the left.
  5. On the pop-up widget, click Edit SPF Delegation
  6. Click Add Known Source to select from a predefined list of trusted email service providers (e.g., Salesforce, Microsoft 365), or click Add Custom Sources to manually add a Custom Sender by specifying the sender's details.
  7. Enabled Senders displays a list of Known Senders (e.g., Amazon SES, G Suite, HubSpot) that are already authorized to send emails on behalf of the domain.
  8. Custom Senders displays a list of Custom Senders (e.g., Teleperformance) that have been manually added by you.

You can delete any enabled or custom sender by clicking the X icon next to its name.

  1. DNS Entries provides the SPF DNS record that needs to be published in the domain's DNS settings to enable SPF delegation.
  • TXT Record:
    • Displays the SPF record in both compressed and normalized formats for easy implementation.
    • Example:
      • Compressed: A compact version of the SPF record for the DNS entry.
      • Normalized: A more readable version of the SPF record for review and troubleshooting.

Copy Functionality:

  • You can copy the DNS record to their clipboard for quick and accurate implementation.

Warning Message:

  • Alerts you to ensure the DNS record is published correctly to activate SPF delegation.

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.