In this article, we will explain in ‘plain English’ what is the SPF, how it works and why it is critical for your campaigns also if it’s not a YAMM specific requirement.
It’s important to understand the vulnerabilities of email messages.
Check your domain SPF record
SPF (RFC7208) is an email authentication protocol that allows the owner of a domain to specify which mail servers are authorized to send mail from that domain.
As a Google Workspace admin, it is recommended to set a valid SPF record for your domain to avoid your emails to be flagged as spam. YAMM will notify you when you are facing this issue.
Check if everything has been correctly set up by your IT administrator using the following Google’s tool:
If you see this message in the tool linked above:
It means your IT administrator hasn’t added a valid SPF record for Google mail servers.
If your SPF record is incorrect or missing, some recipient domains may reject messages from your users because they cannot validate that the messages come from an authorized mail server.
Here’s the Google documentation to learn more about SPF record and how to configure it for your Google Apps domain: Help prevent email spoofing with SPF records
Google states in its documentation that 'If your domain does not have an SPF record, some recipient domains may reject messages from your users because they cannot validate that the messages come from an authorized mail server.'
Wikipedia also explains that 'If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, because the forged e-mails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Because an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters, and so ultimately the legitimate e-mail from the domain is more likely to get through.'
That's why users of YAMM are now notified in the add-on if we see issues with the DNS configuration of their domain, with information they can share with their IT department/domain name registrar.