Jump to content

Community

SPF must allow Google servers to send email


Recommended Posts

Note : https://toolbox.googleapps.com/apps/main/

I found myself facing the problem of messages to and from Gmail that never reached my inbox. The test under Invision Community is very practical to carry out this type of sending to the messaging of your choice. Except Gmail! I scoured the web for tools, and fell on Google. So I used the G Suite Toolbox to resolve the problems I was having with G Suite services. I will keep you posted because your new SPF record takes effect within 48 hours (propagation).

SPF must allow Google servers to send email on behalf of the domain

Source : https://support.google.com/a/answer/33786

Help prevent email spoofing with SPF records

Protect against forged emails that appear to come from your domain

Spammers might send emails that appear to come from your domain. This is called spoofing. You can add a Sender Policy Framework (SPF) record to your domain host to help your recipients know where emails from your domain should be coming from and that they aren't spoofed.

If you bought your domain from a Google partner (GoDaddy.com, eNom.com, and DomainDiscount24.com) when you signed up for G Suite, you might not need to do this. For details, see Settings managed by your domain host.

Add an SPF TXT record to your domain host

Your domain host keeps text settings (called DNS records) that direct web traffic to your domain. An SPF TXT record lists the mail servers that can send email from your domain. If a message is sent from a server that's not in the record, the recipient's server might consider it spam.

Note: A domain can only have one SPF record, but your record can list multiple servers. For details, see Add multiple servers to an SPF record.

  1. Sign in to your domain account at your domain host (not your Google Admin console).
  2. Go to the page for updating your domain's DNS records.
    This page might be called something like: DNS management, name server management, or advanced settings.
  3. Find your TXT records and check if your domain has an existing SPF record.
    The SPF record starts with "v=spf1".
  4. If your domain already has an SPF record, remove it. If not, skip to step 5.
  5. Create a TXT record with these values:
    • Name/Host/Alias—Enter @ or leave blank.
      Other DNS records for your domain might indicate the correct entry.
    • Time to Live (TTL)—Enter 3600 or leave the default.
    • Value/Answer/Destination—Enter v=spf1 include:_spf.google.com ~all
  6. Save the record.

Your new SPF record takes effect within 48 hours.

Add multiple servers to an SPF record

Your domain can only have one SPF record. However, you can update your SPF record to include all your mail servers. For example, if you set up an outbound email gateway, your SPF record includes the Gmail server address and the outbound gateway SMTP server address.

To add a mail server to an existing SPF record, enter the server's IP address before the ~all argument. Use the format ip4:address or ip6:address as shown in this example:

v=spf1 ip4:172.16.254.1 include:_spf.google.com ~all

To add a mail server's domain, use an include statement for each domain. For example:

v=spf1 include:serverdomain.com include:_spf.google.com ~all

Link to post
Share on other sites

The process works perfectly, I was able to send and receive very quickly in my Gmail mailbox my first message from the configuration settings of Invision Community, version 4.4.10:

email google.png

Link to post
Share on other sites

For others who may be interested...

You should be aware more than 10 spf lookups will cause an error, "FAIL". If you get a "FAIL" reduce the lookups.

You should enable DKIM on your domain for additional security. 

IMPORTANT: Google may show "FAIL" even though it's correct. This is because they are forcing providers to move up to 2048 encryption.

For now, if you have 1024 encryption you are good. 

Link to post
Share on other sites
Posted (edited)

@GTServices If DKIM is checked during website creation, or later when DKIM is generated for website.

 

  • SPF specifies the servers authorized to send e-mail for a domain
  • DKIM verifies that the content of the message is authentic and that it has not been modified
  • DMARC specifies how your domain handles suspicious incoming e-mail
Edited by Claude
Link to post
Share on other sites
Posted (edited)
7 hours ago, GTServices said:

You should enable DKIM on your domain for additional security.

 
DKIM configuration procedure
 
  • Generate your domain key
  • Add the public key to your domain's DNS records. This key allows mail servers to verify the DKIM signatures of messages
  • Activate the DKIM signature to start adding it to all outgoing messages

Should we also create a TXT record with include: _spf.google.com in the following records in our domain: mail.example.com and www.example.com, since the domain example.com already has Google instructions?

Edited by Claude
Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy