If mail you send fails SPF it’s your problem, not the addressee’s
by Andrew Macpherson on Dec.02, 2009, under E-Mail hosting, SPF the Sender Policy Framework
I’ve been rehearsing that comment for a while, as people tell me they can’t send mail to my customers, and what am I going to do about it?
SPF is the Sender Policy Framework. If a mail fails SPF that means that the sender (you) has violated the policy set forth by the owner of the sending domain, or their agents, in an SPF record; the recipient is not an actor in this
By publishing an SPF record the sending domain’s owner has asked the world to make some simple checks that mail is coming from the correct place. These checks help with avoiding being impersonated.
When a correct rejection happens, we never hear about it. When a rejection hits someone who might legitimately expect to use the domain there are two possible causes, and one solution.
- The mail is coming from the wrong place, such as sending work mail through a home ISP because the VPN to work has dropped, or perhaps there’s a new gateway at work which hasn’t been configured into the SPF.
Another common case is trying to use an SPF protected address from public webmail providers who have not configured their servers in an SPF aware way. - Your domain’s SPF record is scrambled, so the receiving software can’t make a list of the places the mail is allowed to come from
The solution in both cases is to fix the SPF record, not to ask the recipient to special-case your mail.
There is a third case of websites doing the wrong thing which I’ve dealt with elsewhere
