Aligned Authentication method:
SPF - No
DKIM - Yes - TXT record
Some things to be aware of with Salesforce Pardot:
Uses the same DKIM key (selector 200608) as Salesforce Marketing Cloud
Does not use a dedicated subdomain
Pardot’s email authentication instructions specify creating a DOMAINKEY (the precursor to DKIM) record: o=~ on _domainkey.foo.com This is obsolete and not needed. Enforce does not publish this record. Even though not publishing this will show as an error in the Pardot interface, this can be safely ignored.
Pardot’s email authentication instructions specify adding an SPF include whether the emails are SPF aligned or not. It does a simple text match and, as such, does not understand Instant SPF Macros. Even though this will show as an error in the Pardot interface, this can be safely ignored. As long as Pardot is added as an Enabled Sender in Enforce, Enforce will return the proper SPF response assuming the emails are SPF aligned.
Salesforce Marketing Cloud