Fixing a DNS Issue that Makes Your Emails Look Like Spam

Ryan Palo - May 16 '19 - - Dev Community

This happened to me today, and I wanted to share it in case anybody else ran into the same problem.

Our domain name, email, and website hosting is done through Godaddy. It's reasonably cheap, and it works, so we leave it alone. And then late last year, I redid our website as a static site since I was spending an inordinate amount of time keeping Wordpress plugins updated and we weren't using the Wordpress site for anything more than rendering static pages anyway. Most of the design was done by another lady at our company, and I implemented it and came up with a few ideas. You can see it here. It's not earth-shattering, but I feel like I did a pretty reasonable job for someone who's much more comfortable on a command line than on the front end.

Anyways.

Once we achieved static site goodness, I put Cloudflare CDN in front of it to speed things up even more and to capitalize on the free SSL cert. In order to do this, I had to re-route the DNS so that the DNS came through Cloudflare before it hit our Godaddy server. Both sides of this have pretty great documentation, so it was a pretty easy switchover (which is surprising because DNS is hard).

Cloudflare picked up the DNS traffic it needed and forwarded the rest that it didn't, including email.

And, mysteriously, many of my emails started going into people's junk folders.

The Problem: SPF

SPF stands for Sender Policy Framework. It's a way for owners of domains to specify which servers are allowed to send emails for that domain. This is to help prevent somebody from spoofing, pretending to be from your domain. If the server that sends your email isn't approved by your DNS server, people's spam filters will get cranky. Once Cloudflare was driving my DNS, but my email was being sent from *.secureserver.net (Godaddy's webmail servers), the problem started popping up.

The Solution: Add an Extra DNS Record

I noticed that there's an actual SPF record available on Cloudflare, so there may be an even better way to solve this, but all of the guides I could find said to create a TXT record for my domain with the value:

v=spf1 a mx include:secureserver.net ~all
Enter fullscreen mode Exit fullscreen mode

As far as I can tell, this should tell everyone that, even though DNS is happening through Cloudflare, they should accept emails sent from a secureserver.net server. I'm not sure if this will fix things, but I think it should help.

Bonus Shoutout: Mail-Tester

The thing that helped me diagnose the issue so quickly (and also provide a ton of knowledge I didn't know before about DNS stuff) is a site called mail-tester.com. You send them an e-mail and they look at all your headers and let you know what a spam filter would flag.

Anyways, hope this helps somebody else. If you know more than me and have a better way of fixing this, let me know! DNS is something that seems like one of those things that is intimidating at first but not that bad once you internalize the rules a little bit. I'm still stuck in the intimidating phase, but we'll get through it!

Edit 5/17/19: “SPF” was “SFP,” three places. Thanks Paul!

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .