spf

How to get your server's emails through Gmail's spam filter with Exim

There's one thing that most first-time server administrators have in common: they have to either learn a lot about how email and spam filters work, or they offload email delivery entirely to a third party.

The latter option is often the best option, since successful email delivery is a crazy complicated endeavor. I know, because I've worked on two separate medium-volume email delivery systems in the past (over 1,000,000 emails/month, to hundreds of thousands of recipients), and for both of them, I spent likely 1,000+ hours on email delivery problems.

But for many smaller sites, non-profits, and side projects, there's no budget for a reliable 3rd party email delivery service.

Recently, I was rebuilding a personal photo sharing website (just used for myself and my family and friends), and I decided to wipe the server clean and start over with an Ansible-based configuration that I could deploy locally and to any cloud environment. For email delivery, I decided to install Exim on top of a CentOS 7 minimal base image, and I used Drupal/PHP's mail functionality to pass messages to Exim.

Trouble sending emails from localhost or MAMP? Check your SPF

Email is hard. In fact, it's so hard that I probably have five or so blog posts half-written on this blog that I've abandoned simply because I don't think I could distill them down into something worthy of posting (I like being able to explain things understandably or not at all!).

I don't think there's anyone involved in administering a domain name and email who hasn't gotten burned by SPF (TXT) records at least once. Here's a good overview of how to build a proper SPF record for your domain. SPF records are used by many (if not most) ISPs these days to evaluate whether an email is coming from a particular domain or not.

Email providers like Google, Apple, Hotmail, etc. will evaluate every email they receive against your domain name's (example.com) SPF record, and if the email didn't originate from the IP address specified, or doesn't match up to any other SPF parameters, the email will be silently deleted. And this will cause you to pull your hair out.