Skip to main content

Overview

The Return-Path domain serves two critical functions in email delivery:
  • Bounce handling: Receives delivery failure notifications and spam complaints
  • SPF authentication: Identifies which servers are authorized to send on your domain’s behalf
The Return-Path is the envelope sender: the address mail servers use for routing and authentication, separate from the visible “From” address your recipients see.
The Return-Path is also known as the Envelope Sender, MAIL FROM, or Bounce Address. These terms are interchangeable.

What Is SPF?

SPF (Sender Policy Framework) is a DNS-based authentication protocol that specifies which mail servers can send email for a domain. Receiving servers check SPF records to verify the sending server is authorized. For SPF to “pass” and align with your domain, the Return-Path domain must either match your sending domain or be a subdomain of it. This is called SPF alignment.
For a deeper explanation of SPF authentication, read our What is SPF knowledge base article.

How Lettermint Handles SPF

Lettermint uses a CNAME-based approach for SPF, which means you don’t need to create or maintain an SPF record yourself. Here’s how it works:
  1. You add a CNAME record for lm-bounces.yourdomain.com
  2. The CNAME points to Lettermint’s infrastructure (bounces.lmta.net)
  3. We maintain the SPF record at that target domain
  4. When receiving servers look up SPF, they follow the CNAME and find our valid SPF record
This approach ensures your SPF configuration stays current without manual updates.

Configuration

To set up your Return-Path for SPF:
  1. Navigate to Domains in your dashboard
  2. Select your domain or add a new one
  3. Locate the Return-Path CNAME record in the DNS configuration section
  4. Add the record to your DNS provider
Return-Path CNAME record in Lettermint dashboard
The CNAME target points to Lettermint’s bounce handling infrastructure, which includes our SPF record: 
bounces.lmta.net.  TXT  "v=spf1 include:spf.lmta.net -all"

Verification

After adding the CNAME record, verify it’s configured correctly: 
# Check the CNAME record
dig CNAME lm-bounces.yourdomain.com +short
Expected output: 
bounces.lmta.net.
To verify the SPF record at the target: 
# Check the SPF record at the CNAME target
dig TXT bounces.lmta.net +short
Expected output: 
"v=spf1 include:spf.lmta.net -all"

Troubleshooting

CNAME Not Resolving

If dig returns no results:
  • Wait for propagation: DNS changes can take up to 48 hours, though most propagate within minutes
  • Check for typos: Ensure the hostname matches exactly what’s shown in your dashboard
  • Verify the record type: Make sure you created a CNAME record, not a TXT or A record

Conflicting Records

CNAME records cannot coexist with other record types at the same hostname. If you have an existing A, TXT, or MX record at lm-bounces.yourdomain.com, remove it before adding the CNAME.

Cloudflare Proxy

If using Cloudflare, ensure the proxy status is set to “DNS only” (gray cloud), not “Proxied” (orange cloud). CNAME records used for email authentication should not be proxied.

FAQ

No. Lettermint’s CNAME-based approach handles SPF automatically. The Return-Path CNAME points to our infrastructure, where we maintain the SPF record. You don’t need to add include:spf.lmta.net to your root domain’s SPF record.
No. Since Lettermint uses a subdomain (lm-bounces.yourdomain.com) with a CNAME record, it operates independently from any SPF record on your root domain. Your existing SPF configuration remains unchanged.
Yes. Each provider can use its own subdomain for the Return-Path, allowing multiple SPF configurations to coexist. Lettermint’s approach is designed to work alongside other email providers without conflicts.

Next Steps

Domain Authentication

Learn about all authentication records (DKIM, DMARC, Return-Path).

Project Limits

Restrict domain usage to specific projects in your team.