Monday, March 21, 2016

spf - Sending email from a Google Apps address



I have a website on a Linode VPS.



The email address to receive emails is hosted in Google Apps, but I send emails from postfix.




For that to work and not cause problems with spam folders, I have created this SPF record:



v=spf1 include:_spf.google.com ~all


Unfortunately all email gets into the spam folder, especially on Hotmail.



Reading guides and answers here on Server Fault, I concluded that I need to add the ip4 info to my SPF record, like this:



v=spf1 ip4:xxx.xxx.xxx.xxx include:_spf.google.com ~all



My emails contain a header image that is loaded remotely from the same domain. Obviously ISPs automatically hide this image, but is it a factor in classifying the email as spam? Do I need anything else, taking into account my setup? Is DKIM absolutely necessary?


Answer



You definitely need an ip4 mechanism in your record that includes the IP address of your server, since that is where you send email from.



An SPF record basically says: 'The servers whose IPs are listed here can send email for this domain'.



Since you listed only Gmail servers but are not using them to send your email, and are instead sending using postfix, everyone is understandably judging your email as spam. (You said your email would come from Google but sent it from elsewhere.)




To clarify, these are the servers your record says can send email for your domain:



sh-3.2$ dig _spf.google.com TXT +short
"v=spf1 include:_netblocks.google.com ?all"
sh-3.2$ dig _netblocks.google.com TXT +short
"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"


It would in fact be better if you didn't have an SPF record at all instead of having the record above.




I suggest you change your record to something like:



v=spf1 ip4:xxx.xxx.xxx.xxx ~all


DKIM is helpful, especially with Hotmail, but you will already get an improvement if you fix your SPF (and if your email volumes are not too high and your email content is not spammy).



The Wikipedia article on SPF may be helpful.
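
The check a receiving server performs against the records discussed above can be reproduced offline. This is an added example, not part of the original question or answer: it evaluates only the ip4, include and all mechanisms, uses the two Google records from the dig output above, and assumes example.com and 203.0.113.10 as placeholders for the asker's domain and server IP.

```python
import ipaddress

# Constructed zone data: the two Google records are the dig output quoted in
# the answer; example.com and 203.0.113.10 are placeholders (assumptions).
GOOGLE = {
    "_spf.google.com": "v=spf1 include:_netblocks.google.com ?all",
    "_netblocks.google.com": "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 "
    "ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 "
    "ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 "
    "ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SERVER_IP = "203.0.113.10"
ORIGINAL = "v=spf1 include:_spf.google.com ~all"
WITH_IP4 = "v=spf1 ip4:203.0.113.10 include:_spf.google.com ~all"


def zone(record):
    """Return the lookup table with `record` published for example.com."""
    return {**GOOGLE, "example.com": record}


def check_spf(ip, domain, records, depth=0):
    """Evaluate ip4/include/all left to right (a subset of RFC 7208)."""
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include matches only when the nested evaluation returns pass
            matched = check_spf(ip, term[8:], records, depth + 1) == "pass"
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for rec in (ORIGINAL, WITH_IP4):
        print(rec, "->", check_spf(SERVER_IP, "example.com", zone(rec)))
```

With the original record the postfix server falls through to ~all and gets softfail, while an address inside Google's ranges passes; adding the ip4 mechanism makes the server itself pass.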

