-1

I have a Django web app and I use Django's email backend to send out emails. I can't figure out why emails are ending up in spam folder. My domain host is GoDaddy so I added a TXT record

*.example.com TXT v=spf1 a ~all

This is the header of emails, sometimes I get different sending server IPs.

Return-Path: contact@example.com
Received: from www.example.com (li235-14.members.linode.com. [xxx.xxx.xxx.xx])
    by mx.google.com with ESMTP id u1si13870322qaf.95.2014.08.15.14.44.10
Received-SPF: none (google.com: contact@example.com does not designate permitted sender hosts) client-ip=xxx.xxx.xxx.xx;
Authentication-Results: mx.google.com;
   spf=neutral (google.com: contact@example.com does not designate permitted sender hosts) smtp.mail=contact@example.com;
Received: from localhost (localhost [127.0.0.1])
   by www.example.com (Postfix) with ESMTP id 23336B8E1

Should I add Linode's IPs as wildcards?

Any suggestions appreciated.

kasperd
  • 31,086
sql-noob
  • 109

1 Answers1

2

You should probably put the TXT on the bare domain, rather than (or maybe in addition to - depending on your plans) on a wildcarded subdomain.

If you put something in the DNS like:

*.example.com IN TXT "v=spf1 a ~all"

then foo.example.com will have SPF, but example.com won't!

You mention as well that sometimes you get different IPs in the headers of the emails. Do you have more than one IP associated with your linode? If so, you should configure your MTA to only use of them, or alternatively, make sure all of them are included in your SPF.

If you ever send email from anywhere other than your linode, make sure those IPs are included in your SPF as well too.

Do NOT add the entirety of linode's address space to your SPF. If you do, other linode customers would be able to spoof your domain, possibly send spam, and totally trash your domain's reputation. You don't want random unknowns able to send authenticated mail from your domain.

Also, I could not help but notice from the email headers you posted that you're using the generic linode rnds. You should definitely set the rdns to point to your own domain. While not related to the SPF issue, it may well be related to the deliverability issue.

You havent mentioned if you have incoming mail setup for your domain. If you don't, you should set it up ASAP. If you do/once you do, make sure the envelope sender you are using on your outbound mails actually maps back to a real mailbox, and then also please ensure that you have abuse@ and postmaster@ roles setup. This way you can receive and process any delayed bounces, and admins of other sites can reach you easily if there is an email problem.

Joe Sniderman
  • 2,829