The message "domain of designates as permitted sender" comes from SPF (Sender Policy Framework) validation in email authentication. This means the sender email domain has authorized the sending server to send emails on its behalf, and the SPF check has likely passed.

What It Means

  • The domain SPF DNS record includes the IP address or hostname of the server that sent the email.
  • The recipient mail server queried the SPF record, found the sending server as an authorized sender, and accepted the email as legitimate.

Example of SPF Authentication in Email Headers

Here is what an SPF header might look like in an email:

Received-SPF: pass (google.com: domain of example.com designates 192.0.2.1 as permitted sender)

Breakdown:

  • pass: The SPF check passed successfully.
  • example.com: The domain sending the email.
  • 192.0.2.1: The sending server IP address.
  • designates as permitted sender: Confirms the IP is listed in the SPF record for example.com.

How SPF Works

1

SPF Record

The domain example.com publishes an SPF record in its DNS, such as:

v=spf1 ip4:192.0.2.1 include:_spf.google.com -all

This record specifies:

  • IPs or hostnames authorized to send emails for the domain.
  • Other domains (e.g., _spf.google.com) allowed to send emails on behalf of the domain.
2

SPF Check

When an email is sent, the recipient server:

  • Looks up the sender domain SPF record.
  • Verifies if the sending server IP address matches the authorized list.
3

Outcome

The recipient server accepts, flags, or rejects the email based on the SPF result.

SPF Status Types

Status Description Example
Pass The sender IP matches the SPF record for the domain. Received-SPF: pass (domain of example.com designates 192.0.2.1 as permitted sender)
Fail The sender IP is not authorized in the SPF record. Received-SPF: fail (domain of example.com does not designate 192.0.2.1 as permitted sender)
SoftFail The SPF record includes ~all instead of -all, indicating a soft fail. Received-SPF: softfail (domain of example.com does not designate 192.0.2.1 as permitted sender)
Neutral No explicit authorization for the sender IP is provided in the SPF record. Received-SPF: neutral (domain of example.com neither permits nor denies 192.0.2.1)
None No SPF record is found for the domain. Received-SPF: none (domain of example.com has no SPF record)

How to Ensure Proper SPF Configuration

1

Check Your SPF Record

Use a DNS tool or an online SPF checker like MXToolbox to view your SPF record.

2

Create or Update Your SPF Record

Add or modify your SPF record in the domain DNS settings. Example:

v=spf1 ip4:192.0.2.1 include:_spf.google.com -all
  • ip4:192.0.2.1: Authorizes the specific IP address.
  • include:_spf.google.com: Includes other servers authorized by Google (e.g., for Google Workspace users).
  • -all: Denies all unauthorized IPs.
3

Test with Email Authentication Tools

  • Send an email to check-auth@verifier.port25.com for a detailed SPF report.
  • Use tools like Mail Tester to confirm SPF, DKIM, and DMARC configurations.
4

Add SPF for Third-Party Senders

If you use third-party services to send emails (e.g., Mailchimp, Google Workspace, etc.), include their SPF records:

include:_spf.mailchimp.com
include:_spf.google.com

Common Issues and Fixes

Issue Solution
SPF fails for a legitimate sender Ensure the sender IP or hostname is included in the SPF record.
No SPF record found Add an SPF record to the domain DNS settings.
SoftFail instead of Fail Use -all instead of ~all to strictly enforce SPF.
Too many DNS lookups Minimize the number of include statements (10 DNS lookups max).

The message "domain of designates as permitted sender" confirms that the SPF check has passed, indicating a properly configured SPF record. To maintain this status, ensure all sending servers are correctly authorized in your domain SPF record and regularly test email authentication.