As a company that specializes in Pardot Implementations, we have seen our fair share of SPF records. In this blog post, we’re going to show you a way to append your existing record to include Pardot with just one entry. Background: For those unfamiliar, a Sender Policy Framework (or, SPF) record is one of three DNS records we add to the domains you plan on using Pardot to send email from. The role of the SPF record is to help communicate to mail exchange servers that the emails originating from Pardot are authenticated. Essentially, it’s a “safe sender” list. This helps ensure high deliverability and protects your domain’s sending reputation.
The fact is, most businesses already have SPF records that include entries for services like Google Mail, Office 365, Zendesk, Salesforce, or any other tool that helps send emails on behalf of your domain.
These SPF Records have a 10-entry limit. During an implementation, businesses will often times struggle with appending their SPF record with Pardot’s entry, due to the number of pre-existing entries, as well as the number of “hidden” entries behind each single entry. Typically, we will first look to entries that can be pruned from the record; sometimes all entries are essential to the business.
Even when there’s only one include, it can account for multiple entries. Pardot’s SPF entry, as outlined on their Knowledge Base (below), accounts for three entries — despite it only being a single include.
Recently, we’ve uncovered a single entry that can replace the standard Pardot SPF record.
And yes, it verifies correctly.
Now, onto the entries:
Original Entry (as outlined on the Pardot Knowledge Base)
v=spf1 include:aspmx.pardot.com ~all
New Entry (Updated)
v=spf1 include:et._spf.pardot.com ~all
- Once you have set this up, login to Pardot.
- Navigate to Admin > Overview.
- Your SPF record should now be Verified.
Further Testing & Validation
For those of you who want to take testing and validation a step further, check out the following tool: Kitterman SPF Record Testing
This is a great way to look up your existing record and validate whether or not it’s exceeding the 10-entry limit. Simply go to the above link and type in your domain name in the form field pictured below (leave the www. out of the domain):
Additionally, you can test out your domain and the appended SPF record before making the changes live in your DNS, using the section titled: Is this SPF record valid – syntactically correct?
SPF Record: v=spf1 include:spf.protection.outlook.com include:et._spf.pardot.com ~all
Checking the SPF record will return a pass/fail after you’ve input your entries. As you can see in our record above, we use Office 365 internally, and the entry labeled include:spf.protection.outlook.com tells mail exchange servers to accept all emails from this domain originating from Office 365.
Hopefully this information was helpful to those just getting started with Pardot, companies looking to streamline their existing SPF record, or just improve the syntax and future-proof for other services.