Adding SPF record on my company's domain(destination) for the purpose of validating an external vendor(source of email)

Hi

 

I have a question regarding SPF records. I have a basic understanding of this concept, that it is a DNS record which offers proof to the mail recipient servers of the source mail server that sent the mail.

 

"For example, suppose that your domain example.com uses Gmail. You create an SPF record that identifies the G Suite mail servers as the authorized mail servers for your domain. When a recipient's mail server receives a message from user@example.com, it can check the SPF record for example.com to determine whether it is a valid message. If the message comes from a server other than the G Suite mail servers listed in the SPF record, the recipient's mail server can reject it as spam"

 

I am working on a request which says soandso.com will be sending emails to our xyz.com domain users ( our employees) and i should be adding an SPF record on my end to make their emails come in as if they are comming from our domain(xyz.com) itself.

 

This is confusing me, because based on the basic defenition quoted above it says the sender should be configuring the SPF record on their end. right?

 

Note: There are other SPF records created on our GTMs currently but all of them are in Zones that we are managing, this case, zone soandso.com is not managed by us. do we need to create sub domain in our xyz.com zone and add SPF record in that ? like : soandso.xyz.com pointing to "include: spf...."

 

Appreciate any help in figuring out the best way and reasoning to implement this kind of request.

 

Thanks Sri