bobjohnbob at gmail.com
Thu Aug 16 17:24:59 MDT 2012
On Thu, Aug 16, 2012 at 5:06 PM, Merrill Oveson <moveson at gmail.com> wrote:
> Yeah, I have an spf1 record in my DNS for our domain.
> I guess gmail didn't bother to read it, or it's set up wrong. ?
> ie.: v=spf1 a mx ?all
> Or does gmail require a special spf1 record setup in their DNS?
According to wikipedia:
"? for a NEUTRAL result interpreted like NONE (no policy)."
Your policy says to flag messages from our a and MX records as ok, and
to not flag other messages at all. This means that they will just
come through, although sometimes, if they are using a point based
system to filter spam, they can weight having/not having the ok
towards the point value. Obviously, though, that isn't enough in this
case or it would have worked.
v=spf1 a mx -all
Which would tell google that if it wasn't received from an approved IP
address, not to allow it. You might want to check your spf record
though, to make sure that you have all possible IPs that gmail might
send from in there. Google probably has a recommended SPF record you
can use with all possible IPs listed.
You might try softfail (~) first to test how common the failures are
before actually failing the messages.
You might try the DKIM option Lonnie mentioned. I'm no familiar
enough with it to explain it, but form the little reading I've done,
it seems to have promise.
More information about the PLUG