Why no SPF? – surely Gmail will reject!

  • xjamesb

    (@xjamesb)


    1 year, 1 month ago

    The Gmail guidance on the new authentication requirements.

    Email sender guidelines – Google Workspace Admin Help

    Explicitly says that the server domain of third party senders such as MailPoet should be added to the originator’s SPF record or deliverability WILL be affected. They state that is not sufficient to rely on DMARC and DKIM alone as suggested in your support page (linked below).

    To comply with Gmails requirements I have added your servers to my SPF records as follows,

    • include:sendingservice.net ~all

    Please confirm that this was the correct thing to do and that this is the correct domain to add.

    • This topic was modified 1 year, 1 month ago by xjamesb.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter xjamesb

    (@xjamesb)

    1 year, 1 month ago

    Update (+3 hours)

    Having read the Amazon SES documentation I now realise that adding a SPF record is not sufficient. I must also add a CNAME that maps host to your sending server. This is because the domain in the MAIL FROM header must match the sender’s domain. This requires code changes on the MailPoet side because you must send using this CNAME not as you do at present your own server name. I guess that this is a big change for you.

    Plugin Support Thu P. a11n

    (@thup90)

    1 year, 1 month ago

    Hi there,

    I understand you want to know about adding SPF record.

    If you use a third-party service to send your MailPoet newsletters (like SendGrid or ElasticEmail), you’ll need to add their SPF or DKIM records to your website’s DNS. Read how to add or edit your SPF record to help you set up an SPF record in your host’s DNS records. 

    Users sending with MailPoet’s Sending Service usually don’t need to set up their own SPF, as messages will automatically have MailPoet Sending Service’s SPF set up. As you’re sending through our servers,  sendingservice.net SPF will be checked, not your domain’s, and it’s expected it’s not aligned with your domain from the sender’s domain. However, as long as DMARC and DKIM records pass, it should not impact your deliverability.

    For more information on this, please check our guide on email authentication: https://kb.mailpoet.com/article/295-spf-dkim-dmarc

    Feel free to get back to us in case you have any additional questions!

    Thread Starter xjamesb

    (@xjamesb)

    1 year, 1 month ago

    Thank you for your reply which quotes from the MailPoet manual on this topic. However I believe that you are wrong. I include the guidance from Google below and bold the relevant text for your reference.

    SPF

    SPF prevents spammers from sending unauthorized messages that appear to be from your domain. Set up SPF by publishing an SPF record at your domain. The SPF record for your domain should reference all email senders for your domain. If third-party senders aren’t included in your SPF record, messages from these senders are more likely to be marked as spam. Learn how to define your SPF record and add it to your domain.

    I have moved my high volume clients from MailPoet to Amazon SES as a precaution.

    Plugin Support Feten L. a11n

    (@fetenlakhal)

    1 year, 1 month ago

    Hi there!

    Thank you for your answer and we are sorry to hear that you moved to Amazon SES.

    As my colleague said, when using Mailpoet Sending service, you don’t need SPF.

    You can check that by testing if sending is working as expected and determining your “spam score” or likelihood of ending up in the spam inbox: https://www.mail-tester.com/

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Why no SPF? – surely Gmail will reject!’ is closed to new replies.

Tags