-1

I have a Django web app and I use Django's email backend to send out emails. I can't figure out why emails are ending up in spam folder. My domain host is GoDaddy so I added a TXT record

*.example.com TXT v=spf1 a ~all

This is the header of emails, sometimes I get different sending server IPs.

Return-Path: contact@example.com
Received: from www.example.com (li235-14.members.linode.com. [xxx.xxx.xxx.xx])
    by mx.google.com with ESMTP id u1si13870322qaf.95.2014.08.15.14.44.10
Received-SPF: none (google.com: contact@example.com does not designate permitted sender hosts) client-ip=xxx.xxx.xxx.xx;
Authentication-Results: mx.google.com;
   spf=neutral (google.com: contact@example.com does not designate permitted sender hosts) smtp.mail=contact@example.com;
Received: from localhost (localhost [127.0.0.1])
   by www.example.com (Postfix) with ESMTP id 23336B8E1

Should I add Linode's IPs as wildcards?

Any suggestions appreciated.

kasperd
  • 29,894
  • 16
  • 72
  • 122
oybek.t
  • 109
  • 3

1 Answers1

2

You should probably put the TXT on the bare domain, rather than (or maybe in addition to - depending on your plans) on a wildcarded subdomain.

If you put something in the DNS like:

*.example.com IN TXT "v=spf1 a ~all"

then foo.example.com will have SPF, but example.com won't!

You mention as well that sometimes you get different IPs in the headers of the emails. Do you have more than one IP associated with your linode? If so, you should configure your MTA to only use of them, or alternatively, make sure all of them are included in your SPF.

If you ever send email from anywhere other than your linode, make sure those IPs are included in your SPF as well too.

Do NOT add the entirety of linode's address space to your SPF. If you do, other linode customers would be able to spoof your domain, possibly send spam, and totally trash your domain's reputation. You don't want random unknowns able to send authenticated mail from your domain.

Also, I could not help but notice from the email headers you posted that you're using the generic linode rnds. You should definitely set the rdns to point to your own domain. While not related to the SPF issue, it may well be related to the deliverability issue.

You havent mentioned if you have incoming mail setup for your domain. If you don't, you should set it up ASAP. If you do/once you do, make sure the envelope sender you are using on your outbound mails actually maps back to a real mailbox, and then also please ensure that you have abuse@ and postmaster@ roles setup. This way you can receive and process any delayed bounces, and admins of other sites can reach you easily if there is an email problem.

Joe Sniderman
  • 2,749
  • 1
  • 21
  • 26
  • By generic rnds you meant this li235-14.members.linode.com? If so then how do I point it to my domain? Do I do it thru Linode website or GoDaddy? How do I also find out IP ranges that my emails are being sent from? – oybek.t Aug 16 '14 at 13:43
  • You change the rDNS through Linode's interface. They own the IP, changes to the rDNS go through them. Look in the "remote access" tab in the linode dashboard. – Joe Sniderman Aug 16 '14 at 14:02