3

I have a domain on my host which I've added to Gmail. It has the following SPF record,

"v=spf1 a ~all"

All emails that I send from Gmail are correctly verified and have the following header,

spf=pass (google.com: domain of demo@mydomain.com designates 123.456.789.10 as permitted sender).

I'm wondering how did that happen since I haven't added any Gmail IP to the record? Is it not necessary?

EDIT: The IP 123.456.789.10 in the message source is of my host. I always thought that since I've added the domain to gmail, it is gmail that sends the email. How does this actually work?

Thanks!

Vinith Almeida
  • 135
  • 1
  • 6

1 Answers1

2

You are correct: this SPF wouldn't pass, if it was sent from Gmail. To allow Gmail you should have

"v=spf1 include:_spf.google.com +a ~all"

which includes all Google netblocks, i.e.

include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com

If you see your IP there, the mail was sent from that host. It's completely normal that your server by default uses local SMTP server for delivery; settings your incoming MX records to Gmail doesn't automatically reconfigure your outgoing mail settings. However it's fine to have several sources as long as you list them all in your SPF record. (You may also need different DKIM selectors.)

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122
  • Thanks. I will look into the DKIM records, they're set up automatically ATM. **Aside:** I see you've added a _"+"_ before _"a"_, what does it do? – Vinith Almeida Sep 04 '17 at 13:59
  • It's the same. In [SPF Record Syntax](http://www.openspf.org/SPF_Record_Syntax) the `+` is the _default qualifier_ and assumed if there's no other qualifier (`-`, `~` or `?`). – Esa Jokinen Sep 06 '17 at 02:51