A few months ago, Google adjusted its spam policy, which means that emails that were previously fine may no longer pass. If there is a problem with the SPF and DKIM record, a mailer daemon will return the sent email. The reason is simple: when sending an email to Gmail, the SPF and DKIM error occurs due to missing DNS records for the domain. What can be done about it? Let’s take a look today, how to fix SPF and DKIM error on G-mail.
How to fix SPF and DKIM error on G-mail
SPF (Sender Policy Framework)
The SPF (Sender Policy Framework) record is used to verify whether the email server sending emails from a particular domain is legitimate. This record is part of the DNS (Domain Name System) records for the domain and contains information about which email servers are authorized to send emails from this domain.
The purpose of the SPF record is to fight against spam and fraudulent emails that pretend to be sent from legitimate sources. If the email server receiving emails from a particular domain finds that the sending server is not authorized, it may mark the email as spam or even reject it altogether.
The SPF record is written as a text record in DNS and contains a special syntactic structure that describes which email servers are authorized to send emails from the domain. The SPF record may also contain information on how to handle emails that do not comply with defined rules.
In simple terms, the SPF record defines the email server from which you send emails. If a spammer forges your domain and sends a fraudulent email containing your domain, the target email server will reject it. The server also checks from which IP address the email was actually sent. If this IP address does not match the records in the SPF, spamer have a problem. The email will be classified as spam and will not reach the recipient’s mailbox.
DKIM (DomainKeys Identified Mail)
The DKIM (DomainKeys Identified Mail) record is used to verify the authenticity of emails sent from a particular domain and ensures that they have not been altered during transmission. To verify the email, a digital signature is used, which is created using the DKIM record and attached to the email when it is sent. The email recipient can verify whether the email originates from the specified domain and whether it has been altered during transmission.
DNS records for each domain include a DKIM record that describes the digital signature used. If the system verifies the email using this record, it considers it trustworthy and secure. The DKIM record serves to provide credibility and security for emails sent from a particular domain.
How to fix SPF and DKIM error on G-mail (both DNS records are missing)
As mentioned above, both records serve to protect a domain from abuse by forged emails. Google recently introduced these two records as one of the conditions for successful email delivery. If you do not have these records created in the DNS for your domain, you run the risk of having emails returned to you with a similar error.
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed permanently:
Reason: 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
550-5.7.26 do not pass). SPF check for [my-domain.com] does not pass with ip:
550-5.7.26 [18.104.22.168].To best protect our users from spam, the message has
550-5.7.26 been blocked. Please visit
550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more
550 5.7.26 information. dc3-20020a170906c7c300b00924513630a6si8036426ejb.387 – gsmtp
So how to solve the problem?
The solution is relatively simple.
At the DNS administrator of your domain, you need to add two TXT records to the DNS. One will define the SPF record, and the other DKIM. You can always find both records from your web hosting provider or email services provider. They will first generate DKIM for you and then send you its value, which you must add to the DNS. The same applies to the SPF record. Its value should also be provided by the web provider. However, here’s a word of caution.
If you use multiple SMTP servers to send emails to the domain, you must have all the SMTP servers you use defined in the SPF record. Such a situation can typically arise if you use the SMTP server of your web provider at work, but at home, you have set up your internet provider’s SMTP server. In such a case, the SPF record must contain the IP addresses or ranges of both servers so that emails pass correctly.
The records look something like this:
SPF record (specifically for the Forpsi company):
v=spf1 a mx include:_spf.forpsi.com -all
DKIM record (Forpsi again):
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEfsdAOCAQ8AMIIBCgKCAQEA6ZcmJIxdGtl6n0zi5HvN6pB+KxY7y+UgtFcTNQrAO0nfbX7Lie7TT+RmQmcA0l2iZ3eoprbWzforzft1zt7MPBlr5UECxPPhRxLEVzMxsaPlsV6rKJwv9nnWg6bI9wkru7v3qUPmRFdUf34QCOntft3Sr9bx3oKzqnsU2AuwSQdWSackgsHOWUsI4LnJGdDUBh+m7qRDeyFwlr7xCKywcMaLkjGeTsdfsdfsLOQ4AgHGWjbKM3/hgZE8YXxpTZl4KJw7xgIL8P2xyfY69/MqNnw8OM/lJLew1z9rSLt5LjapXHx83dd9OnohFYsHbNrZ/dwtUALMcC5sLZlmbrInYmZsQIDAQAB
How to fix SPF and DKIM error on G-mail – conclusion
Adding both records is not significantly complicated in principle. If you are not able to deal with such a situation on your own, you can always contact your DNS administrator and ask for help. If the customer support on the web hosting and DNS administrator side is helpful, they will be happy to assist you with the configuration. In some cases, they may even set up the DNS records for you. Thanks to that, the error when emails are returned can be resolved within a few minutes. This can significantly reduce the number of situations where an error occurs when sending an email to Gmail.
Je mi líto, že pro Vás nebyl článek užitečný.
Jak mohu vylepšit článek?
Řekněte mi, jak jej mohu zlepšit.