On Thu, Aug 16, 2012 at 5:06 PM, Merrill Oveson <[email protected]> wrote: > Yeah, I have an spf1 record in my DNS for our domain. > I guess gmail didn't bother to read it, or it's set up wrong. ? > > ie.: v=spf1 a mx ?all > > Or does gmail require a special spf1 record setup in their DNS? >
According to wikipedia: "? for a NEUTRAL result interpreted like NONE (no policy)." Your policy says to flag messages from our a and MX records as ok, and to not flag other messages at all. This means that they will just come through, although sometimes, if they are using a point based system to filter spam, they can weight having/not having the ok towards the point value. Obviously, though, that isn't enough in this case or it would have worked. v=spf1 a mx -all Which would tell google that if it wasn't received from an approved IP address, not to allow it. You might want to check your spf record though, to make sure that you have all possible IPs that gmail might send from in there. Google probably has a recommended SPF record you can use with all possible IPs listed. You might try softfail (~) first to test how common the failures are before actually failing the messages. You might try the DKIM option Lonnie mentioned. I'm no familiar enough with it to explain it, but form the little reading I've done, it seems to have promise. -John Shaver /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
