Lorem Ipsum

Say that you have your own domain name (like my kith.org). And say that you want to send mail to other people’s Gmail addresses.

Sometimes, Gmail may think that legitimate mail from you is spam. (Note that this can happen even if you use G Suite for your mail!) Here’s how to reduce the likelihood of that happening.

Short version: Create and publish an SPF DNS record.

Long version:

It turns out that when Gmail receives a piece of mail from another domain, part of its spam-detection involves looking at the domain name that the mail comes from (like, say, kith.org); and if Gmail has seen a lot of spam that was supposedly from that domain, then it’s more likely to mark this new mail as spam.

Which is all well and good, except that it’s trivially easy to put a fake From address on email. So spammers use fake From addresses, and that hurts the reputation of the real domains. For example, spammers have been sending out spam that pretends to be from kith.org for many years, and so when Gmail sees mail from my @kith.org address, it thinks to itself: Oho! Another piece of spam! And it marks the mail as spam, and my intended recipient never sees it, and they wonder why I never replied to their email.

It turns out that there’s a widely used system that helps deal with this problem. It’s called Sender Policy Framework, or SPF, and it lets owners of a domain publicly declare which servers can legitimately send mail for that domain. So one way to reduce the likelihood of Gmail deciding that legitimate mail from your domain is spam is to publish an SPF record for your domain.

An SPF record is essentially a list of IP addresses that you’re saying are legitimate sources of mail from your domain. After you publish an SPF record, when Gmail gets mail that says it’s from your domain, Gmail can look at the IP address that the mail came from, and compare that to the list of legitimate addresses, and depending on whether the address is legit or not, it can think to itself either Okay, this message comes from a legitimate IP address for this domain, so I won’t assume it’s spam just because of the domain name, or Hmm, this message says it’s from this domain, but it’s not from a legitimate IP address for this domain, so it must be spam.

You don’t have to specify the IP addresses in numeric form, though. Instead, you can specify “mx” and “a” (to indicate the IP addresses given by your domain’s MX and A DNS records), and you can add individual server names (in place of their numerical addresses), and you can use “include” directives to include all the IP addresses associated with a particular domain or server.

SPF syntax is non-obvious. A good way to create an SPF record is to use the SPF Wizard.

But that wizard and various other SPF-related web pages seem to suggest that you should collect all of the numeric IP addresses that might ever send mail from your domain and list those all explicitly. Which makes sense if you have a specific set of static IP addresses. But if you don’t, then there’s no need to explicitly list numerical IP addresses as such.

One important note: There’s a limit on the number of DNS lookups that the SPF system will process, and nested lookups count toward that limit. So if you do an include of a domain that does further includes, you can quickly reach the limit, at which point I think the SPF record no longer has any effect. So don’t use a lot of includes.

Anyway, after much uncertainty about exactly what I should put in my SPF record for kith.org, I finally called tech support for Pair (my web host and mail host). (They have a couple of good support pages aboout SPF, but those pages don’t make clear exactly what should be in the record.) With their help and the help of the SPF Wizard, I finally ended up with this SPF record:

v=spf1 mx a a:azaz.mail.pairserver.com, a:azaz.pairserver.com include:webmail.pair.com ~all

and I put that in a TXT DNS record that I created using the domain management tools at my.pair.com.

It’ll take a day or two for that record to propagate. After it does, I think/hope that it’ll significantly reduce the chances of Gmail considering mail from me to be spam. We’ll see.

Huge thanks to Celia, who first told me that SPF was likely to help; to Emily, who did a bunch of research and condensed it into a much more understandable and less scary form than the multitude of SPF-related web pages; and to Ben at Pair tech support for telling me what specific servers to list.