home | Web Development

Pass SPF to Prevent SBC and Other Providers from Marking Website-Generated Email as SPAM

I have a number of websites I have created for people over the years. Each website uses a simple conversion funnel - home > read stuff > contact > contact success - that culminates in a website-generated email that provides an easily recognized heartbeat for website success.

As a result of this approach, my clients know their website is working when they receive those contact emails. Unfortunately, some email providers block the website-generated messages. SBCGlobal.net is especially problematic as it does nothing with the message. It doesn’t even move it to a spam folder.

It took a long time to figure out how to solve the problem. It was a surprisingly difficult search - one of the instances where if you don’t know the keywords you’re pretty much at a dead end. I finally stumbled upon SPF, or Sender Policy Framework, and after some trial and error was able to solve the problem.

Hopefully this post makes it easier for people such as yourself, who are looking for an all-in-one-place solution to the problem. So here it goes:

Step 1: Configure your DNS to pass SPF.
You’ll need access to your raw DNS, which you can often get in the cpanel on your web server. You’ll also need to be mindful of anytime a script or web-based UI is used to add sub-domains, as it may over-write the SPF text you are about to add. And, since you’ll be messing with your DNS, do so at your own risk. I don’t want responsibility for any “hiccups.” Put the following line at the very end of your DNS. Make sure there is no period at the end of the line.

yourdomain.com. IN TXT "v=spf1 a -all"

So your DNS may look something like this:

$TTL 7200
@ IN SOA ns1.yourdomain.com. hostmaster.ns1.yourdomain.com (
2008031001 ; serial
28800 ; refresh
7200 ; retry
3600000 ; expire
86400 ) ; minimum
yourdomain.com. IN NS ns1.yourdomain.com.
yourdomain.com. IN NS ns2.yourdomain.com.
yourdomain.com. IN A 10.10.10.10
yourdomain.com. IN MX 10 yourdomain.com.
mail IN CNAME yourdomain.com.
www IN CNAME yourdomain.com.
ftp IN CNAME yourdomain.com.
yourdomain.com. IN TXT "v=spf1 a -all"

Step 2: Configure Your Email Headers
Make sure to set the Return-Path and Sender email headers to use an email address on the domain of the machine sending the email. So if your doing virtual hosts, this will be the domain of the main server, not your client’s domain. Email providers need to confirm the validity of the sender - hence the need to set Return-Path and Sender properly. To check your settings after you update your server-side code, send an email to your gmail account and use their “show original” command to see the message in its entirety, including all headers and messages.

Once you are successful, your email header will look something like this:

Return-Path:
Received: from yourdomain.com ([10.10.10.10])
by mx.google.com with ESMTP id b19si16435253ana.18.2008.03.11.05.42.40;
Tue, 11 Mar 2008 05:42:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of nobody@yourdomain.com designates 10.10.10.10 as permitted sender) client-ip=10.10.10.10;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of nobody@yourdomain.com designates 10.10.10.10 as permitted sender) smtp.mail=nobody@yourdomain.com
Received: from localhost (localhost [127.0.0.1])
(uid 99)
by yourdomain.com with local; Tue, 11 Mar 2008 08:36:49 -0400
id 000E2D4E.47D67CE1.00002B63

To: user@userdomain.com
Subject: Client Domain Web Contact
From: nobody@yourdomain.com
Reply-To: client@clientdomain.com
Old-Return-Path: nobody@yourdomain.com
Message-ID:


Good luck!

© 2008 Nathan Verrill.