original topic : Scoutbook emails fail SPF/DKIM
this remains broken as of Feb 15 2023:
This is likely why 1) GMail marks scoutbook messages as suspicious, 2) many email providers mark scoutbook emails as spam (per your post below).
If you do not fix this properly, email providers will add you to their blacklist again. It’s an automated thing.
Please listen to me. I oversaw email deliverability for a web property that sent millions of emails a day. I am not making this up. If you “report to BSA IT”, please CC me this time so I can help them with their DNS settings.
Specifically, you need:
1. add the IP address of your email service to your domain’s SPF record (
scouting.org); If your email service has not given you a dedicated IP address, you should upgrade to a plan that gives you one. Cost is usually $50-80/month.
2. make sure that IP address is added for all of the domains you’re sending email from, eg
scouting.org, but maybe there’s more.
specifically, your SPF record for scouting.org is
v=spf1 ip4:184.108.40.206/24 include:spf.protection.outlook.com include:spf.constantcontact.com include:cust-spf.exacttarget.com include:zcsend.net include:_spf.stgi.net ip4:220.127.116.11/23 ip4:18.104.22.168/23 ip4:22.214.171.124 ~all
but you’re sending email from
126.96.36.199, which is not within one of the CIDR blocks you list there.
That’s why, if you inspect raw email content that a recipient gets, you’ll see a header as follows:
Received-SPF: softfail (google.com: domain of transitioning email@example.com does not designate 188.8.131.52 as permitted sender) client-ip=184.108.40.206;
BTW, you should also review those other CIDR blocks. In aggregate, they allow > 1000 IPs to send email on behalf of
scouting.org; that is likely to be far more than you need. Even if you control those entire blocks, it’s a security risk.