1

To get rid of the "via" and "on behalf of" headers in Gmail and Outlook, do I need to set both the DKIM and the SPF records, or are DKIM records enough?

We recently changed our SMTP provider from AuthSMTP to Mandrill. By default Mandrill does bounce handling itself, so the Return-Path is set to mandrillapp.com. In the SPF check I saw that it checks the SPF records of mandrillapp.com instead of ourdomain.com, probably because of this Return-Path. For DKIM it checks ourdomain.com.

During testing I noticed that the "via header" was already gone in Gmail when only the DKIM record was added, but not the SPF record yet. So this makes me think only adding DKIM is enough for this header?

The actual reason I'm asking this is that we are temporarily running against the 10 DNS lookup limit for SPF, because we are trying out different tools, so if I can continue without completely correct SPF records now (ending with ~all) that would be handy.

Jan Fabry
  • 836
  • 1
  • 10
  • 18

1 Answers1

3

This information was taken from Laura on Word to Wise article. Here the statement from her

A via is presented to the user when you have a DKIM pass and the domain in the d= does not match the domain in the visible from address. In this case the interface shows via the d= domain.

A via is presented to the user when you have a SPF pass, no valid DKIM (either a fail or no signature at all) and the domain in the return path is different than the domain in the visible from address. In this case the interface shows via the SPF domain.

Here the table that represent the information

Diagram SPF DKIM and via-to-Sender

So based on that your conclusion was true. Via to was added when either DKIM/SPF pass but different with From header.

Community
  • 1
masegaloeh
  • 17,978
  • 9
  • 56
  • 104