When in EasySPF a sending source is detected as SPF “Non-Capable”, it means that the source doesn’t support SPF alignment. Types of sending sources are identified due to our database which is constantly updated as we keep track of the sources’ SPF configurations and capabilities.
Below is a detailed explanation of why this occurs and what it means for your email authentication.
When setting up an SPF record, domain owners safelist IP addresses or include sources in the SPF record as authorized to send out emails on behalf of their domain. This stands for SPF authentication.
However, passing SPF authentication is not enough. For emails to completely pass SPF, DMARC also requires SPF alignment. This means that the Mail from domain(envelope from, return-path) and the From domain(sending domain) should be the same.
In regards to SPF alignment, there are sending sources which are SPF capable, subdomain capable and some of sources are SPF non-capable.
SPF non-capable sources do not support custom Mail From (return-path) domain configuration, either at the root or subdomain level, mainly due to the reason that they want to handle bounce messages on their end. For this reason, they can't align the return-path domain with the From domain, and emails sent through these sources can't meet SPF alignment. To ensure DMARC compliance for emails sent via these sources, it's crucial to have DKIM properly configured, as DKIM is the additional layer of security for emails to pass DMARC checks.
For more details about sending sources based on their SPF capability, refer to this link.