Set up an SPF Record to (theoretically) reduce the risk of your web app’s email being marked as spam

I’m setting up email sending from my domain instead of faking gmail.com because of mail delivery issues. To make this work without just going automatically to everyone’s spam folder I have set up an SPF record. I found the documentation on the web a bit dense trying to work this out so here’s a short look at what I did.

“Show Original” in gmail used to say:

Received-SPF: neutral (google.com: 74.54.101.112 is neither permitted nor denied by domain of bakert+fantasyfootball@gmail.com) client-ip=74.54.101.112;
Authentication-Results: mx.google.com; spf=neutral (google.com: 74.54.101.112 is neither permitted nor denied by domain of bakert+fantasyfootball@gmail.com) smtp.mail=bakert+fantasyfootball@gmail.com

Now it says:

Received-SPF: pass (google.com: domain of admin+2@ff.bluebones.net designates 178.79.178.155 as permitted sender) client-ip=178.79.178.155;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of admin+2@ff.bluebones.net designates 178.79.178.155 as permitted sender) smtp.mail=admin+2@ff.bluebones.net

This means Gmail is less likely to mark email sent by my web app as spam, thanks to the SPF record I have set up.

An SPF record is implemented as a DNS TXT (as opposed to A, CNAME, etc.) record with no “name” and a value something like this:

v=spf1 a mx include:_spf.google.com ~all

Let’s break that down …

v=spf1 – this indicates that the record is an SPF v1 record.

A – this indicates that any IP address in an A record for this network is allowed to send email for this domain.

MX – this indicates that any IP address in an MX record for this network is allowed to send email for this domain.

include:_spf.google.com – this indicates that _spf.google.com is allowed to send email for this domain.

~all – this indicates that _spf.google.com is allowed to send email for this domain.

All parts of the record except v=spf1 are optional and can take a prefix of -, + or ~. If there is no prefix + is assumed. + means allowed, – means not allowed and ~ means might be allowed. all is the catch-all for anything not explicitly called out by the rule.

You might be interested in a more detailed guide to SPF record syntax.

Leave a Reply

Your email address will not be published.