SPF Records and Spam Filters

If you have a legitimate, non-spammy reason to send bulk email to users (service updates, newsletters, etc), it’s important to make sure that your mail is getting out and not getting trapped by spam filters, or scuttled by problems with your domain’s reputation.

Check your SPF record

Sender Policy Framework records are a way for servers receiving email to see if an email coming from your domain is coming from a legitimate server – this prevents spammers from sending email and pretending that it’s from you. To see who your domain says is allowed to send email:

dig verticallabs.ca TXT
If you have an SPF record, you should see an entry which looks something like this:
;; ANSWER SECTION:
verticallabs.ca.     5   IN  TXT  "v=spf1 include:mailserver.net ~al

This means that the only servers that can send mail for verticallabs.ca are mailserver.net. All others are flagged as a soft-fail, which means mail from them will be allowed, but flagged as suspicious. (More on SPF record syntax here.) The two important things to check in your SPF record are 1) your server is allowed to send email for your domain, and 2) everybody else’s server isn’t, or at least isn’t allowed to without careful examination (nb: don’t use +all).

Useful references:

Gmail’s bulk email guidelines
SPF record syntax
Scott Kitterman’s SPF testing tools