Is there a way to align SPF for Google Apps alias domain?

Solution 1:

Use the redirect modifier to "replace" the SPF record for the alias domain with that of the primary domain.

Thus, the SPF record for ends up looking like:


Note that no all mechanism is required, the final clause of the record will apply

Solution 2:

As mentioned on SPF not aligned on domain alias, DMARC problems, when using domain aliases, the return-path and from headers are updated by Google to point to email addresses in different domains. The return-path has the primary domain email address, while the from header has an email address in the alias domain. This may cause problems with email delivery. It will reduce your spam score and increase the chances of your message being marked as SPAM.

As mentioned in the article, there is no solution for this so far from Google. I have used GSuite with domain alias and have no problems with sending and receiving emails. If your primary domain and domain alias have the correct MX and SPF records configured, then you should not have any problems with sending email from your primary domain or domain alias. Adding redirect modifier to SPF record is not recommended by GSuite support.

The MX records for both your primary domain and domain alias should point to Google's mail servers. Both primary domain and domain alias should also have a SPF record that allows email delivery from Google's mail servers.

See Help prevent email spoofing with SPF records on how to configure SPF for your GSuite domain. The article Set up MX records for G Suite Gmail, describes how to configure MX records for your domain.



G Suite