July 12 2023

Undelivered mail returned to sender. The Sender must authenticated with at least one of SPF or DKIM

Errors sending emails to Gmail due to missing SPF and DKIM records.

gmail mail rejected

As of November 2022, Gmail has introduced a new policy that now requires email senders to be authenticated by an SPF (TXT) or DKIM record or messages risk being marked as spam.

Since the introduction of this new policy last November, more and more of our customers have seen their emails marked as spam, or even rejected outright, by Gmail experiencing errors like the ones in the screenshot below:

Here is the official statement released by Google (Gmail):

Email authentication requirements for sending to Gmail accounts

As of November 2022, new senders sending emails to personal Gmail accounts must set up either SPF or DKIM. Google randomly checks new messages from the sender to personal Gmail accounts to verify their authentication. Messages without at least one of these authentication methods will be rejected with a 5.7.26 error, or marked as spam. This requirement does not apply to you if you are an existing sender. However, we recommend that you always set up SPF and DKIM to protect your organization's email and support future authentication requirements. To ensure that your messages are not marked as spam or rejected by Gmail, you will need to add the respective SPF (TXT) record of your mail server in your DNS zone.

SPF (Sender Policy Framework)

SPF, or Sender Policy Framework, is an email authentication protocol designed to prevent identity theft via email, also known as "spoofing." This powerful protocol allows domain owners to define, in a specific and certified way, which e-mail servers are authorized to send messages on behalf of their domain.

The functioning of the SPF is based on a key operation: when an e-mail message is received, the recipient's mail server not only reads the content of the message, but also checks the SPF record of the domain from which the e-mail is received. email comes. This record is basically a list of servers that are allowed to send mail on behalf of that domain.

The SPF protocol then analyzes whether the mail server that sent the message is one of those listed in the SPF record. If the server is not among those authorized in the SPF record, the protocol flags the message as potentially dangerous. Based on the recipient's mail server policies, the email may then be marked as spam, quarantined, or even rejected.

Properly implementing the SPF protocol is a critical step in protecting your domain and the reputation of your email address while ensuring that your communications reach their intended recipients. Recall that a proper implementation of the SPF is a policy increasingly considered by major email service providers, including Gmail, to filter incoming email traffic.

DKIM (DomainKeys Identified Mail)

DKIM

DKIM, or DomainKeys Identified Mail, is an email authentication standard that plays a crucial role in maintaining message integrity and confirming the authenticity of the sender's domain. This system provides a sort of "digital seal", an imprimatur that identifies and confirms the origin of the message.

The way DKIM ensures the authenticity and integrity of a message is quite unique. Every email sent from a DKIM-enabled domain is digitally “signed” with a private key unique to that domain. This digital signature is then inserted into the message header in the form of a DKIM record.

When the recipient's mail server receives the email, it checks the signature using the sending domain's public key, which is available as a public record in the domain's DNS zone. If the signature is valid and the message has not been altered in transit, the mail server accepts the email.

Using DKIM offers a powerful tool for ensuring that legitimate email messages are delivered as they should, while preventing them from mistakenly ending up in spam folders. This helps build your domain's reputation as a reliable source of email, facilitating the delivery of future communications. Additionally, using DKIM helps prevent identity theft and other types of email fraud, thus protecting both your recipients and the reputation of your domain.

What are the correct SFP and DKIM values?

Each email service provider has specific SPF and DKIM records, which represent a kind of unique 'fingerprint' for each e-mail server. If you are using a dedicated instance acting as a mail server using, for example, Plesk or cPanel, you may need to get the SPF and DKIM records directly from the control panel. These records should then be pasted into the DNS zone setup for your domain, which you should have access to.

If you are not comfortable with these technical operations and you fear that you will not be able to correctly retrieve the SPF and DKIM records and configure them in the DNS zone, we recommend that you contact your hosting provider. Alternatively, you could contact our system assistance service: we are ready to solve this problem for you within about an hour.

Having SPF and DKIM properly set up is crucial, especially for email delivery to Gmail. Correctly configuring these authentication protocols offers several advantages:

  1. Higher probability of delivery: Emails sent from a domain with valid SPF and DKIM records are less likely to be marked as spam, thus improving the likelihood that your messages reach the recipient's inbox.
  2. Better domain reputation: Mail servers that properly verify SPF and DKIM authentication help build a positive reputation for your domain, which can improve email delivery in the long run.
  3. Protection against phishing and spoofing: SPF and DKIM help prevent fraudulent activities such as phishing and email spoofing, thus protecting your domain and your recipients from possible threats.
  4. Compliance with Gmail policies: As mentioned earlier, Gmail has introduced new policies that require SPF or DKIM authentication for new senders. Having these records properly set up is therefore essential to maintaining the ability to send emails to Gmail users.

How do I solve the problem if I'm not a technician?

If technical terminology such as SPF, DKIM and DNS seem confusing to you and you don't feel comfortable attempting to configure these elements yourself, don't worry, you're not alone! Understanding and correctly implementing SPF and DKIM configurations can be a challenge if you are not an IT professional. But there's no need to worry, we're here to help.

Our system assistance service is available for you. Our experts can help you set up your SPF and DKIM records correctly, ensuring your emails are delivered as expected and don't end up in your recipients' spam folder. Even if the problem seems complex, in many occasions we manage to solve it in an hour or even less.

Don't let setup issues keep you from reaching your customers through email. If you're having trouble delivering email to Gmail or other email service providers, please contact us. We'll do our best to resolve your issue as quickly as possible, so you can focus on what really matters: your business. Contact us now and let us take care of your email problems.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

INFORMATION

Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top