Sender Policy Framework (SPF) is used to authenticate the sender of an email. With an SPF record in place, Internet Service Providers can verify that a mail server is authorized to send email for a specific domain. An SPF record is a DNS TXT record containing a list of the IP addresses that are allowed to send email on behalf of your domain.
SPF has become exceedingly vital to help verify which sending infrastructure can relay email on behalf of your domain. Implementing SPF for email provides major benefits.
How does SPF work with subdomains?
SPF policies are not automatically inherited by subdomains. If you use SPF to authenticate your emails and send emails using subdomains, you will need to individually configure SPF records for those subdomains by making changes to your DNS records.
For example, company.com has the following SPF record:
v=spf1 include:spf.domain.com include:spf.xyz.net -all
However, instead of sending emails directly from company.com, which is your root domain, you are sending emails from marketing.company.com, a subdomain based on your root domain. The email recipient will return an error with no SPF record found because there is no SPF record for your subdomain.