I'm using Ipower for web and email hosting. I was recently made aware that SPF and DMARC were set to neutral, causing all of our outgoing emails to go to spam. I updated both records and they worked for a bit. My issue is that some of our users have IP addresses that constantly change. I add the updated IPs to SPF but it's not sustainable. Is there a way to account for changing IPs in SPF? SPF is currently set to soft fail since I don't want these emails to be outright rejected when the IP changes. v=spf1 ip4:XX.XX.XXX.X/XX ~all | example configuration
8
-
2Why don't your users send their mail through the central SMTP submission server or smarthost which address is (almost) never changes? Only that address need to be added into the SPF record. And that server also can manage signing with DKIM and therefore only one DKIM record will be needed. The server could use SMTP authentication with usernames and passwords rather than identifying by ever-changing IPs. (This is how such things are done in the civilized world.)– Nikita KipriyanovCommented Sep 2, 2022 at 14:08
-
3Also, SPF and DMARC were set to neutral, causing all of our outgoing emails to go to spam — this is quite debatable. Sending mail from dynamic IP pools is much more likely to cause mails to spam (or even get rejected without queuing).– Nikita KipriyanovCommented Sep 2, 2022 at 14:14
-
4I was recently made aware that SPF and DMARC were set to neutral, causing all of our outgoing emails to go to spam - I seriously doubt that was the cause.– joeqwertyCommented Sep 2, 2022 at 14:25
-
1So your users run SMTP server software on their computers and send email directly to the recipients email servers? That sounds a bit odd.– joeqwertyCommented Sep 2, 2022 at 14:26
-
"Why don't your users send their mail through the central SMTP submission server or smarthost which address is (almost) never changes?" We do (smtp.ipower.com). I'm new to all this and trying to figure it out piece by piece. Gmail is one of the culprits of sending us to spam and they recommended setting up stricter DMARC and SPF to avoid being sent to spam. I did that and our emails stopped being marked as spam. I assumed that the neutral setting was the issue but I could be completely wrong.– Neil CCommented Sep 2, 2022 at 14:38
|
Show 3 more comments
1 Answer
You should not track users IP in SPF. It's not designed nor for massive IP lists nor for realtime updates.
Your users should send mail using your mail servers.
You should have proper MX RRs pointed to your recieving smtp servers.
If you use same servers for recieving and sending to simplify administration you may use SPF RR like
example.com. IN TXT "v=spf1 mx ~all"
what means mail from domain example.com will accepted from hosts listed in MX records.
If you send emails via smtp servers not listed in MX records you may use SPF RR with smtp server's IPs or domain names
example.com. IN TXT "v=spf1 ip4:x.x.x.x a:sender.example.com ~all"
Using IP in SPF is more effective due less dns queries needed.
This is how it works.
-
Thanks for the reply. Users are using the main email servers but they are being tagged as spam in Gmail. I updated to the SPF that you recommended but I'm still having the same issue.– Neil CCommented Sep 6, 2022 at 20:00
-
Google use other technics besides spf to categorize mail as spam. You should figure out them further. These technics may not related to dns, spf, dkim or others. These needs futher investigations. They may analyze maybe mail headers of you users mail and now they in some sort of google's own spamlist. Check logs and replies from gmail servers further. Post you investgation here.– gapsfCommented Sep 6, 2022 at 20:24
-
Check this for starting support.google.com/mail/answer/81126?hl=en– gapsfCommented Sep 6, 2022 at 20:27