0

I'm using Ipower for web and email hosting. I was recently made aware that SPF and DMARC were set to neutral, causing all of our outgoing emails to go to spam. I updated both records and they worked for a bit. My issue is that some of our users have IP addresses that constantly change. I add the updated IPs to SPF but it's not sustainable. Is there a way to account for changing IPs in SPF? SPF is currently set to soft fail since I don't want these emails to be outright rejected when the IP changes. v=spf1 ip4:XX.XX.XXX.X/XX ~all | example configuration

8
  • 2
    Why don't your users send their mail through the central SMTP submission server or smarthost which address is (almost) never changes? Only that address need to be added into the SPF record. And that server also can manage signing with DKIM and therefore only one DKIM record will be needed. The server could use SMTP authentication with usernames and passwords rather than identifying by ever-changing IPs. (This is how such things are done in the civilized world.) Commented Sep 2, 2022 at 14:08
  • 3
    Also, SPF and DMARC were set to neutral, causing all of our outgoing emails to go to spam — this is quite debatable. Sending mail from dynamic IP pools is much more likely to cause mails to spam (or even get rejected without queuing). Commented Sep 2, 2022 at 14:14
  • 4
    I was recently made aware that SPF and DMARC were set to neutral, causing all of our outgoing emails to go to spam - I seriously doubt that was the cause.
    – joeqwerty
    Commented Sep 2, 2022 at 14:25
  • 1
    So your users run SMTP server software on their computers and send email directly to the recipients email servers? That sounds a bit odd.
    – joeqwerty
    Commented Sep 2, 2022 at 14:26
  • "Why don't your users send their mail through the central SMTP submission server or smarthost which address is (almost) never changes?" We do (smtp.ipower.com). I'm new to all this and trying to figure it out piece by piece. Gmail is one of the culprits of sending us to spam and they recommended setting up stricter DMARC and SPF to avoid being sent to spam. I did that and our emails stopped being marked as spam. I assumed that the neutral setting was the issue but I could be completely wrong.
    – Neil C
    Commented Sep 2, 2022 at 14:38

1 Answer 1

2

You should not track users IP in SPF. It's not designed nor for massive IP lists nor for realtime updates.

Your users should send mail using your mail servers.

You should have proper MX RRs pointed to your recieving smtp servers.

If you use same servers for recieving and sending to simplify administration you may use SPF RR like

example.com. IN TXT  "v=spf1 mx ~all"

what means mail from domain example.com will accepted from hosts listed in MX records.

If you send emails via smtp servers not listed in MX records you may use SPF RR with smtp server's IPs or domain names

example.com.   IN TXT  "v=spf1 ip4:x.x.x.x a:sender.example.com ~all"

Using IP in SPF is more effective due less dns queries needed.

This is how it works.

3
  • Thanks for the reply. Users are using the main email servers but they are being tagged as spam in Gmail. I updated to the SPF that you recommended but I'm still having the same issue.
    – Neil C
    Commented Sep 6, 2022 at 20:00
  • Google use other technics besides spf to categorize mail as spam. You should figure out them further. These technics may not related to dns, spf, dkim or others. These needs futher investigations. They may analyze maybe mail headers of you users mail and now they in some sort of google's own spamlist. Check logs and replies from gmail servers further. Post you investgation here.
    – gapsf
    Commented Sep 6, 2022 at 20:24
  • Check this for starting support.google.com/mail/answer/81126?hl=en
    – gapsf
    Commented Sep 6, 2022 at 20:27

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .