Hi, I write here because i’m not enabled yet writing to Sources or New Sources areas.
I run VOXmail and we support SPF/DKIM/DMARC on customer’s domain.
By default we use our own domains for return path and dkim signing but we let every sender to enable “domain authentication” and this change the return path to a subdomain of the From email domain and add DKIM signing for the from domain, enabling SPF+DKIM alignment and DMARC.
For accounts sending to many recipients domain authentication is mandatory: we started this path 3 years ago and since then we decreased multiple times the number of recipients a customer can write to without custom “domain authentication”. Here is the last news (in italian) about it (domain authentication is now mandatory to send to more than 10.000 recipients, but highly suggested over 2.500):
In order to enable domain authentication we have a custom tool that ask the user to add some CNAME and add/change the SPF (one for the return path, usually “e.#domain” and 2 CNAMEs for the dkim records and also ask to add a new SPF or to change the SPF to add our own include + optionally a _dmarc CNAME if the user does not already have one) and guide the user through the changes and validate them before we start to send “authenticated emails”.
Hope that dmarc.io - VOXmail can be updated (and maybe this post moved to the Sources area).