The Valimail SPF directives should be sufficient to allow SPF validation of any service.  So for the purposes of email authentication, no additional directives should be needed in an SPF record.


That said, some vendors use a partial text match on the SPF record to validate that their customer has configured SPF correctly and either won’t send email, or won’t send email using the customer’s domain unless the specific SPF directive they specify is present in the record.


Valimail supports this verification for a limited number of vendors.  Customers can add the directives for these vendors to their SPF record, so long as the vendor-specified directive is added AFTER the macro directive.  This ensures both that Valimail handles authenticating the service and that the SPF evaluation doesn’t exceed the 10 domain lookup limit before Valimail takes ownership of email authentication.


Our SPF record validation tools recognize these supported vendor-specified directives and, assuming the rest of the record is correct, should show the record as both valid and properly delegated in Valimail UIs.  Any number of vendor-specified directives can be added to an SPF record and it will still be valid.


Currently supported vendors are:


Vendor

Directive

FireEye Email Threat Prevention

include:_spf.fireeyecloud.com

Greenhouse

include:mg-spf.greenhouse.io

HelpScout

include:helpscoutemail.com

Microsoft 365

include:spf.protection.outlook.com

Status Page

include:stspg-customer.com

Symantec Email Security Cloud

include:spf.messagelabs.com

Sendinblue

include:spf.sendinblue.com