Setting up your DNS with a Sender Policy Framework (SPF) record is a great way to help ensure that your email makes it through to your intended recipients.
In a nutshell, an SPF record in your DNS tells the receiving mail server whether your email server is allowed to send mail for your domain. It really helps the receiving server to trust that your message isn’t forged, unlike the vast majority of SPAM messages. There is quite a bit more to it, so if you’re interested then check out Wikipedia on SPF.
Here’s an example of the SPF record that is set up for my domain:
"v=spf1 a mx include:google.com include:shaw.ca include:shawcable.net ~all"
Essentially, it says that the computers associated with my A and MX records are allowed to deliver email on behalf of itinfusion.ca. It also allows me to send itinfusion.ca email through my Gmail account and via my ISP, Shaw.
Assuming my SPF record is set up correctly, it gives other sites a warm fuzzy feeling because my email is coming from servers that I have authorized to be able to send mail on my behalf.
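Whether a record is "set up correctly" can be partly checked before it is published. The following is an added example, not code from this post: a static linter for an SPF TXT value that goes beyond the single record above to cover general SPF syntax (space-separated terms, known mechanisms, ip4/ip6 networks, the position of `all`, and the limit of 10 DNS-lookup terms in RFC 7208). The function name `lint_spf` and the sample records are assumptions made for illustration, and the check does no DNS queries, so it cannot tell whether an included domain actually publishes SPF.

```python
import ipaddress
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # each triggers DNS queries
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: exceeding this is a PermError
TERM = re.compile(r"^([+\-~?]?)([a-z][a-z0-9_.-]*)(?:([:=/])(.*))?$", re.I)
# Constructed samples: a record shaped like the one in the post, and the same
# record with comma separators (a common typo).
GOOD = "v=spf1 a mx include:google.com include:shaw.ca include:shawcable.net ~all"
BAD = "v=spf1 a mx include:google.com, include:shaw.ca, include:shawcable.net ~all"


def lint_spf(record):
    """Statically lint one SPF TXT value. Returns (mechanisms, lookups, problems)."""
    mechs, problems, lookups = [], [], 0
    parts = record.strip().strip('"').split()
    if not parts or parts[0].lower() != "v=spf1":
        return mechs, lookups, ["record must begin with v=spf1"]
    for raw in parts[1:]:
        m = TERM.match(raw)
        if m is None or raw.endswith(","):
            problems.append(f"malformed term {raw!r}: terms are separated by spaces only")
            continue
        qual, name, sep, value = m.group(1) or "+", m.group(2).lower(), m.group(3), m.group(4)
        if sep == "=":  # modifier such as redirect= or exp=; unknown ones are ignored
            lookups += name == "redirect"
            continue
        if name not in MECHANISMS:
            problems.append(f"unknown mechanism {name!r}")
            continue
        mechs.append((qual, name, value))
        lookups += name in LOOKUP_MECHS
        if name in ("include", "exists") and not (sep == ":" and value):
            problems.append(f"{name} needs a domain, e.g. {name}:example.org")
        elif name == "all" and qual == "+":
            problems.append("+all authorizes every host on the internet")
        elif name in ("ip4", "ip6"):
            try:
                if ipaddress.ip_network(value or "", strict=False).version != int(name[2]):
                    raise ValueError(raw)
            except ValueError:
                problems.append(f"{raw!r} is not a valid {name} network")
    names = [name for _, name, _ in mechs]
    if "all" in names and names.index("all") != len(names) - 1:
        problems.append("mechanisms after 'all' are never evaluated")
    if lookups > MAX_LOOKUPS:
        problems.append(f"{lookups} DNS-lookup terms exceed the limit of {MAX_LOOKUPS}")
    return mechs, lookups, problems
```

Calling `lint_spf(GOOD)` reports five DNS-lookup terms and no problems, while `lint_spf(BAD)` flags both comma-terminated terms.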
It is true that SPF has not been as widely accepted as many had initially hoped. The vast majority of domains don’t have SPF configured. However, most good anti-SPAM systems do contain support for SPF and actively use it as a means of filtering out forged SPAM if available. If you have correctly configured SPF then it can help to ensure that your emails make it through.
A side benefit to SPF is some protection from “Joe Jobs”. This occurs when a spammer forges millions of SPAM messages so that they appear to be coming from your domain. Without SPF configured, when the messages start bouncing they will all end up in your inbox and can cripple your server. With SPF configured, remote servers can tell that the SPAM messages are forged and won’t bounce them back to your domain. Of course, this only works for remote servers that check SPF, but that number is growing steadily and will certainly help.
Don’t use include:shawcable.net in your SPF record. Shaw does not publish SPF/TXT records for that domain (they are actually included in the include:shaw.ca). The bad thing about using includes instead of ip4 is that if any include fails the whole SPF lookup will be marked as PermError – A permanent error was encountered. The E-mail should be rejected.
We recently added SPF records for two of our domains and the records have propagated across the internet as best we can tell. What’s odd is that GMail still considers email from the newly listed servers as spam. How often does GMail update their filter based on SPF records? Does anyone know?
Just because your domain has SPF records is no guarantee that gmail will accept mail from your domain.
SPF is a small (but potentially important depending on the receiving server) part of the equation. I’d be checking the hostnames and mailnames of your server(s). Make sure that they have A records and the PTR records map back to the corresponding host names.
Are any of your IP addresses in any RBL lists?
It may also be that you’ve been blacklisted by gmail based on past sins. If that is the case, you may be in tough…