And just to add on a data point (Bill, I know you're not the enemy here), one of my personally-maintained mail servers does TLS and the other doesn't, I do have proper reverse DNS but used not to, and while I have SPF I've never done DKIM, and I've never had any trouble getting mail to Gmail.
Right. SPF is every bit as good as DKIM, the advantage of DKIM is you can use random servers as long as you sign your messages. Since I am small and run my own mail server, SPF is totally fine and can "prove" that I authorized the email.
That's why either is fine for DMARC. But even with that and TLS encryption Google sometimes fucks with me. As I said, since our Govt is using it the result is I am locked out of the legislative process.
Google. Well their goal is to make max money. If that screws people over then oh well.
But in the meantime setting up SPF/DMARC and TLS on your mail server will fix most problems. Doing SPF checks on email also will cut down on your spam from "Big name" domains. And the reports you get back showing how many fails you have because shit-bags in Russia are trying to spoof your From: will tell you how sad it is out there.
CZ
