SparkPost gives you raw sending power and per-account DKIM selectors, but unsigned mail from SparkPost fails your DMARC policy until you finish domain authentication and set a bounce domain.
SparkPost treats SPF as optional — include _spf.sparkpostmail.com (or _spf.eu.sparkpostmail.com in the EU) — and leans on DKIM plus a bounce domain. Its DKIM selector is auto-generated and date-encoded, e.g. scph0316._domainkey, and a custom bounce CNAME pointing to sparkpostmail.com overrides the default Return-Path so SPF aligns to your domain. Source: sparkpost.com/docs · verified 2026-07-15
p=none and a rua address, watch reports for a week, confirm this sender shows 100% pass.No. Adding SPF includes and DKIM records only adds authentication — it never blocks existing mail. The only risky step is tightening your DMARC policy, and that comes later, after reports confirm everything passes.
Send yourself a test email and inspect the headers for spf=pass, dkim=pass and dmarc=pass — or just watch your DMARCKeeper dashboard: the sender's pass rate should hit 100% within a day or two.
Yes. SPF and DKIM authenticate mail; DMARC is what tells receivers to BLOCK mail that fails, and it's the piece Gmail, Yahoo and Outlook now check for explicitly.