Almost all free mail providers like Gmail and Yahoo Mail will filter out spam or spoofed emails by validating the source (SMTP server), if your mail server have not been validated, the delivered mails may be blocked or directly go to receivers' Trash folder. Let's see an example of original message from a doubtful source:
...
Received-SPF: none (google.com: no-reply@example.com does not designate permitted sender hosts) client-ip=10.23.58.124;
Authentication-Results: mx.google.com;
spf=neutral (google.com: no-reply@example.com does not designate permitted sender hosts) smtp.mail=no-reply@example.com
...
Sender Policy Framework (SPF)
The root cause could be the missing SPF setting in DNS records. If you are a domain administrator, you can add a TXT record containing SPF string to your authoritative name servers.
example.com. IN TXT "v=spf1 ip4:10.23.58.124 a -all"
Don't forget to enclose SPF string by double quotes. Now, you have to wait for the record broadcast over the internet.
In SPF string, you can list all the IP addresses that shall be permitted to send mail from this domain to the internet. By this formal and official way, you announced the listed IP addresses can be trusted by the mail providers.
Now, we have a picture of the scheme:
- The free mail provider received the message which has the key information including the sender domain and sender IP address.
- The free mail provider verified the source by looking up the TXT/SPF record of the sender domain on name servers.
- If the sender IP address is listed in the SPF string, then the source is trustable.
- Otherwise, the source remains doubtful. The free mail provider might block the message or dump it into Trash folder.
Let's see the record from any clients by nslookup:
C:\Users\ed>nslookup -type=txt example.com
Server: dns.hinet.net
Address: 168.95.1.1
Non-authoritative answer:
example.com text =
"v=spf1 ip4:10.23.58.124 a -all"
Now, your SPF will be pass and trusted. Let's see the test result:
...
Received-SPF: pass (google.com: domain of no-reply@example.com designates 10.23.58.124 as permitted sender) client-ip=10.23.58.124;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of no-reply@example.com designates 10.23.58.124 as permitted sender) smtp.mail=no-reply@example.com
...
Maybe you have noticed that I rewrote the sender address into no-reply@example.com instead of apache@example.com. For more details, please refer my post: How to Rewrite Return-Path and Sender Address in Postfix.