Does Google/Gmail & Yahoo/YMail cache DNS information related to SPF

I am configuring my linode server to send mail from my webapp to users. I could use GoogleApps, but the 500/day limit it too restrictive, hence I'm attempting to set it up myself.

I set up Exim4 on my server using these instructions provided by linode. All good.
I tested sending an email to my gmail/yahoo using this command on the server:

$ echo "This is a test from myapp." | mail -s Testing myaddress@gmail.com

I do receive the email in my Gmail inbox (not marked as spam), and also in my Ymail (marked as spam). Wanting to not be marked as spam, I inspected the header of the email that was sent.

I see these lines (me obfuscating with XXX) in the gmail header:

Received-SPF: neutral (google.com: 69.XXX.XXX.XXX is neither permitted nor denied by best guess record for domain of root@mail.myapp.com) client-ip=69.XXX.XXX.XXX;
Authentication-Results: mx.google.com; spf=neutral (google.com: 69.XXX.XXX.XXX is neither permitted nor denied by best guess record for domain of root@mail.myapp.com) smtp.mail=root@mail.myapp.com

This is the header of the email that Yahoo receives:

Received-SPF: none (mta1192.mail.mud.yahoo.com: domain of root@mail.myapp.com does not designate permitted sender hosts)

So it seems like the SPF record was not set (which it wasn't). Since I own the domain, I went to insert this SPF text into my records:

http://img.skitch.com/20100712-gsi6gsqie7d41c35d8gmnxigu2.png

To be exact, I set
1) the subdomain mail.myapp.com to an A record pointing to my IP.
2) a TXT record for "@" as "v=spf1 ip4:69.XXX.XXX.XXX a a:mail.myapp.com ~all"

This seems like all I should have to do appropriately set the ips/domain names as a SPF record. However, when testing gmail/yahoo again it continues to give me the same "Neutral" status on Gmail, and spam status on Yahoo.

I am suspecting that the Google Gmail / Yahoo Ymail servers must be caching my DNS information on their end, and I'll continue to get this "neutral/spam" status until the myapp.com DNS entry is flushed from their cache. Does anyone know if they do cache this info, and how long it typically takes before the SPF information is picked up? Anything else I might have done wrong or should check?

Best Answer

If I'm following your setup correctly you have your SPF record set on the root, but you are sending email from the sub-domain

if the 'envelope from' of the email is root@mail.myapp.com then you need to change the "@" txt record to "mail". if you were sending mail from root@myapp.com then your setup would be correct.

So something like this

;;in the myapp.com zone
@    IN   TXT  "v=spf1 ip4:69.XXX.XXX.XXX ~all" ;covers root@myapp.com
mail IN   A    69.xxx.xxx.xxx
mail IN   TXT  "v=spf1 ip4:69.XXX.XXX.XXX ~all" ;covers root@mail.myapp.com

Best Answer

Related Solutions

What’s wrong with the SPF record

PTR OK, SPF, DKIM passed but email messages are marked as Spam by Google

Related Topic