“I did not get the email and I don’t want to work with your company” can be the most frustrating experience for a customer focused company. It can be even more frustrating for a community oriented group like ours (it can also create communication problems in your personal life; read on to know more). Email plays a very significant role in our current web based customer support models (some may agree, some may not, and some may even declare email bankruptcy).
Email problems with Google Apps
Email delivery wasn’t a problem for our technical team. We were handling our mail servers well, but the JS based Gmail interface (with Google-speed search and filters) forced us to try out Google Apps. We liked everything about Google Apps except the painful messages from community members about email delivery failure. Ever since we shifted our mail servers to Google, we found that our outgoing mail was going to spam folders, which was bothering us and our community members.
We went through many existing discussions on similar issues but could not get a solution from Google reps. At last, after some research, our R&D team came up with a small fix (after all, a journey of a thousand miles starts with a single step, and what a step it was!). The R&D team stumbled upon the SPF records for our DNS zone.
SPF a quick start
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. More precisely, it allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain (in our case, mortgagefit.com and the Google servers).
The technology requires two sides to play together:
- The domain owner publishes this information in an SPF record in the domain’s DNS zone, and when someone else’s mail server receives a message claiming to come from that domain, then
- The receiving server can check whether the message complies with the domain’s stated policy. If, for example, the message comes from an unknown server, it can be considered a fake.
For more information on Email authentication and SPF record configuration visit http://www.openspf.org/Related_Solutions.
Example, Mortgagefit SPF for Google Apps
After I fixed this problem in MortgageFit, I decided to write this blog post in detail. As I said, SPF stands for Sender Policy Framework and is an extension to the Simple Mail Transfer Protocol (SMTP). What SPF does is protect your domain from being forged by spammers. Let’s understand it in simpler steps:
- Step 1: Suppose a spammer forges a mortgagefit.com address (say firstname.lastname@example.org), connects from somewhere other than mortgagefit, say abcxyzspam.com, and tries to spam you. Now when he sends the message you see MAIL FROM : email@example.com
- Step 2a: If mortgagefit.com does not publish an SPF record, then there is no way to authenticate the email sender.
- Step 2b: If mortgagefit.com publishes an SPF record, that record will tell your computer how to find out whether the sending machine is allowed to send mail from mortgagefit.com. If mortgagefit.com’s SPF record says that they recognize the computer (IP, domain), then you can assume that the sender is who they say they are, but if the message fails the SPF test then it is a forgery and thus you can tell that it is probably from a spammer.
- Remember one point: if you are using a desktop based application like Outlook Express or Thunderbird, then this will not work, since that application will have the IP of your local ISP provider.
SPF for Google Apps
Google help says,
To set your domain’s SPF record, publish the following TXT record on the DNS resource: v=spf1 include:aspmx.googlemail.com ~all
Publishing an SPF record that lacks include:aspmx.googlemail.com or specifying -all instead of ~all may result in delivery problems.
SPF record for MortgageFit hosted with Google Apps
SPF entry for mortgagefit.com says,
v=spf1 a mx include:aspmx.googlemail.com ~all
The following table will explain it in detail
|v=spf1|This identifies the TXT record as an SPF string.|
|a|mortgagefit.com’s IP address is 126.96.36.199 (hurley.asmallorange.com). That server is allowed to send mail from mortgagefit.com.|
|mx|This wizard found 17 names for the MX servers for mortgagefit.com: ALT1.ASPMX.L.GOOGLE.com, gsmtp83.google.com, gsmtp93.google.com, ug-in-f27.google.com, ALT2.ASPMX.L.GOOGLE.com, hu-in-f27.google.com, gsmtp167.google.com, gsmtp163.google.com, el-in-f27.google.com, ASPMX4.GOOGLEMAIL.com, gsmtp163-2.google.com, ASPMX2.GOOGLEMAIL.com, ASPMX3.GOOGLEMAIL.com, ASPMX5.GOOGLEMAIL.com, gsmtp215-2.google.com, mu-in-f27.google.com, and ASPMX.L.GOOGLE.com. (A single machine may go by more than one hostname. All of them are shown.) The servers behind those names are allowed to send mail from mortgagefit.com.|
|include:aspmx.googlemail.com|Any server allowed to send mail from|
|~all|SPF queries that do not match any other mechanism will return “softfail”. Messages that are not sent from an approved server should still be accepted but may be subjected to greater scrutiny.|
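The check from Step 2a/2b, run against the record explained in the table above, as an added example that is not part of the original post. It implements only a subset of SPF evaluation (the a, mx, ip4, include and all mechanisms); the DNS table, the host mx1.example.net, the contents of the included record and all IP addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed DNS answers (documentation address ranges) standing in for real
# lookups. The included record's contents are an assumption, not Google's record.
DNS = {
    "TXT": {
        "mortgagefit.com": "v=spf1 a mx include:aspmx.googlemail.com ~all",
        "aspmx.googlemail.com": "v=spf1 ip4:198.51.100.0/24 ~all",
    },
    "A": {"mortgagefit.com": ["192.0.2.10"], "mx1.example.net": ["198.51.100.27"]},
    "MX": {"mortgagefit.com": ["mx1.example.net"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def matches(mech, arg, domain, ip, dns, depth):
    """Return True when one SPF mechanism matches the connecting IP."""
    target = arg or domain  # "a" and "mx" default to the domain being checked
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return str(ip) in dns["A"].get(target, [])
    if mech == "mx":
        return any(str(ip) in dns["A"].get(h, []) for h in dns["MX"].get(target, []))
    if mech == "include":  # matches only when the included policy returns "pass"
        return check_spf(str(ip), arg, dns, depth + 1) == "pass"
    return False  # mechanisms outside this subset never match here


def check_spf(ip, domain, dns=DNS, depth=0):
    """Evaluate the MAIL FROM domain's SPF record for a connecting IP."""
    record = dns["TXT"].get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # Step 2a: no record published, nothing to check against
    if depth > 10:
        return "permerror"  # guard against include loops
    ip = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # first matching mechanism decides
        qualifier = QUALIFIERS.get(term[0])
        if qualifier:
            term = term[1:]
        mech, _, arg = term.partition(":")
        if matches(mech.lower(), arg, domain, ip, dns, depth):
            return qualifier or "pass"  # a bare mechanism means "+"
    return "neutral"
```

A sender that matches nothing falls through to ~all and gets "softfail"; the same record ending in -all would return "fail" for that sender instead.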
SPF record creation Wizard
You can create the SPF record best suited to your domain at http://www.openspf.org/
Future of email authentication
- IP based authentication will grow weaker.
- Domain based authentication will stay but still won’t avoid the spammers hat.
- Email ID based authentication will play a very significant role.
In my opinion, a combination of domain based and email ID based authentication (the second and third points above) will play a very significant role. So keep one of your email IDs very active and properly used, so that it can be used for important conversations with your customers.
Some of the other Resources
Other resources that will help stop your mail from landing in Spam or Bulk folders are listed below (the second, third and nth steps for perfect email delivery).
- Sender Score
- Email certification and accreditation services
- Email deliverability and reputation services
- EmailAdvisor by Lyris: Email Legibility and Deliverability Enhancement Tools
- Email authentication for marketers
- Email blacklists