SPF Authentication Update: Now Using Return-Path with CNAME Records

We've updated our SPF authentication mechanism to use return-path and now require CNAME records instead of TXT records. This change improves email deliverability, simplifies domain management, and aligns with modern email authentication best practices.

What Changed

For standard domain configurations, we've made two important updates to our SPF authentication system:

• Return-Path Authentication: We now use the return-path header for SPF validation, which provides more reliable authentication checks and better alignment with email standards.
• CNAME Records: Instead of TXT records, we now use CNAME records for domain verification. This simplifies DNS management and provides more flexibility for domain configuration.

Note: If you use "allow any domain", you will continue to use TXT records. This configuration requires TXT-based SPF records to function correctly.

Why Return-Path?

The return-path header (also known as the envelope sender) is the address used for bounce messages and delivery status notifications. By using return-path for SPF validation, we ensure that authentication checks are performed against the actual sending address, not just the "From" header that users see.

This approach provides several benefits:

• Improved Deliverability: Many email providers prioritize return-path SPF checks, leading to better inbox placement rates.
• Better Bounce Handling: Bounce messages are correctly routed back to the return-path address, ensuring you receive all delivery status notifications.
• Standard Compliance: Aligns with RFC 7208 (SPF) and modern email authentication best practices.

CNAME vs TXT Records

Moving from TXT records to CNAME records offers significant advantages for domain management:

• Simplified Configuration: CNAME records are easier to manage and update, especially when you need to make changes across multiple domains.
• Reduced DNS Lookups: CNAME records can help reduce the number of DNS queries required for SPF validation, improving performance.
• Better Flexibility: CNAME records allow us to update authentication settings on our end without requiring changes to your DNS records.
• Cleaner DNS: Your DNS zone stays cleaner with fewer TXT records, making it easier to manage other authentication records like DKIM and DMARC.

What You Need to Do

If you're an existing customer, check your JetEmail dashboard for the exact DNS records you need to configure. The dashboard will automatically show you whether to use CNAME or TXT records based on your domain setup.

1. Check your dashboard: Log into your JetEmail dashboard and navigate to your domain settings to see the exact DNS records you need.
2. Update DNS records: Add the CNAME or TXT record shown in your dashboard to your DNS provider. If you're migrating from TXT to CNAME, remove the old TXT record first.
3. Verify configuration: Wait for DNS propagation (typically 5-15 minutes) and verify the configuration in your dashboard.

New customers will automatically see the correct DNS records when setting up their domains. The dashboard will guide you through the exact records you need to add based on your configuration.

Backward Compatibility

We understand that DNS changes can take time to propagate. During the transition period, we'll continue to support both TXT and CNAME records to ensure no disruption to your email delivery. However, we recommend updating to the new configuration shown in your dashboard as soon as possible to take advantage of the improved authentication and management features.

If you have any questions or need assistance with the migration, our support team is ready to help. You can reach out through your dashboard or contact support directly.

Zero Downtime Migration

This update will not cause any downtime to your email delivery. Once you add the CNAME record to your DNS, our system will automatically detect it and cut over to using the new CNAME-based authentication. Your emails will continue to be delivered normally throughout the transition.