Given how complicated it was to set up organizational email services in the previous decade, today’s self-service offerings from Microsoft and Google have significantly eased the process of setting up email for your-company.com with an affordable, highly-reliable and relatively secure provider. It literally takes a handful of minutes (if you know what you are doing) to go from zero to email, but there are still plenty of gotchas that can render your new service less than perfect. If your recipients keep finding your emails in their junk folder, it’s possibly worse than not having email service at all. It would be impossible for me to outline all the ways in which this may happen, but there is a common gotcha you might want to investigate.
SPF? Is my email getting sunburnt?
Recently several of our clients have had problems with email delivery caused by incorrect SPF records. In this case, SPF is an acronym for “Sender Policy Framework” and not “Sun Protection Factor”, but much like forgetting the sunscreen on your day outside, not having proper email SPF will result in you getting “burned” as your emails are marked as spam by your recipient’s email servers. Without getting into the bloody details, the Sender Policy Framework is one way email servers use to verify the sender is who they say they are, “Is this email actually from C2, or is someone spoofing the sending email address?” While spoofers can fake your email address, they can’t typically change your SPF record (if they can, you have much bigger problems), so it’s a reliable source of verification if it’s set properly!
Here’s how you will know your email is getting marked as spam for having an improper SPF record. From your company’s account, send an email to an outside email address that you have ready access to, such as a personal Gmail or Yahoo account. You will need to check the headers on that email for SPF failures – the formatting and verbiage you need to look for in the headers will vary depending on the recipient’s email provider, but Google returns failures that look like this:
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate ##.##.109.66 as permitted sender) client-ip=##.##.109.66;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=20210112 header.b=TJLH3iac;
spf=softfail (google.com: domain of transitioning [email protected] does not designate ##.##.109.66 as permitted sender) [email protected]
If you find “Fail” anywhere in the header, that email will likely get marked as spam and will end up in Junk or Spam folders rather than the inbox. Now how does something like this happen? If you’ve gone through your providers guided setup process, or had email set up by someone like C2, your SPF records will be set properly, but if you recently made changes that might alter your DNS (like a website redesign!) or engaged a new cloud service that sends emails on your company’s behalf, you may need to check your SPF record to ensure it is set properly. You can check your current SPF record using a free tool at MXToolbox.com (not a sponsor, we just like the tools), but unless you are well-versed in DNS and domains, you may not be able to easily interpret the results. Either way, if your emails are getting delivered to spam regardless of your recipient’s whitelisting efforts, an incorrect SPF record may be the culprit and should be addressed as soon as possible!
Image by CrafCraf from Pixabay