I manage a VPS on Linode accessed through subdomain.example.com and I need to send email from this subdomain. I can't set any TXT records in Linode DNS manager because the name servers for example.com are something else, not ns1.linode.com, etc. So I need to ask someone who has access to example.com to add some records for me. How are TXT records for SPF and DKIM different if they are set in the domain dashboard for a subdomain?
DKIM and SPF Setup for a Subdomain
dkimspfsubdomain
Related Solutions
I think I found two possible reasons why mails are listed as spam.
First, as someone previously suggested (and as I was already aware of), missing PTR for sending server could be main cause.
Second, since this server is hosted in AWS cloud, and Amazon has worked with Spamhaus to add all their IP ranges to PBL by default, it could also be the reason... From what I know, PBL has certain weight in deciding if email will be marked as spam or not. Also, Amazon has blocked requests for removal of their IP's from Spamhaus PBL list directly - requests have to go through Amazon. Luckily, they offer a way to remove Elastic IP from this list, and to setup a PTR record, while you're at it.
So I'll see what happens after this process is complete.
UPDATE: Amazon added correct PTR record, and it didn't resolve the problem. However, after they removed IP from Spamhaus PBL, mails stopped being sent to spam. Meanwhile, many SMTP servers stopped accepting mails from my SMTP because of this PBL list, which was also resolved when PBL record was removed.
You need to have separate SPF records for each subdomain you wish to send mail from.
The following was originally posted on openspf.org, which used to be a great resource for this kind of thing.
Latest link http://www.open-spf.org/FAQ/The_demon_question/
The Demon Question: What about subdomains?
If I get mail from pielovers.demon.co.uk, and there's no SPF data for pielovers, should I go back one level and test SPF for demon.co.uk? No. Each subdomain at Demon is a different customer, and each customer might have their own policy. It wouldn't make sense for Demon's policy to apply to all its customers by default; if Demon wants to do that, it can set up SPF records for each subdomain.
So the advice to SPF publishers is this: you should add an SPF record for each subdomain or hostname that has an A or MX record.
Sites with wildcard A or MX records should also have a wildcard SPF record, of the form: * IN TXT "v=spf1 -all"
This makes sense - a subdomain may very well be in a different geographical location and have a very different SPF definition.
The 'include:' directive for SPF may be used to provide all subdomains with the same entries. For example, on the SPF record for subdomain mailfrom.example.com enter 'include:example.com'. In this fashion whenever you update the definition for example.com your subdomains will automatically pick up the updated values.
Best Answer
SPF and DKIM records for a subdomain would only apply to emails with a from address of that subdomain, i.e. emails from
user@subdomain.example.com. They'd be ignored entirely for email fromuser@example.com.