Thanks again for your reply. So help me get something straight here. Being able to align only DKIM, means that DMARC will never be able to be setup to reject? Given that only DKIM and not SPF align?
I was looking at aspf=r (not s), but I fear that is lowering security and allowing emails to at times bypass the DMARC check?
I also found this on their site, which is…well, crap.
Set up DMARC with HubSpot
The domain’s DMARC policy should have SPF and DKIM both set to “relaxed” alignment , and you’ll want to take the following steps:
- Connect the domain as an email sending domain.
Add HubSpot to your SPF policy.
DMARC is used to tell your recipients’ email servers how to use existing authentication methods like SPF or DKIM to verify the owner of the domain. All HubSpot customers are on HubSpot’s shared email servers hosted on hubspot, so mail won’t be in alignment with your own domain’s policy by default.