Emails going to spam - DKIM and SPF set up but not working correctly

sa-ma · July 7, 2021, 10:05am

All order emails from my Shopify store are going to spam. My email provider is google. I have verified my email with shopify, and in the DNS added the google DKIM and SPF for both shopify and google, but the emails are still going to spam with the error SPF Neutral with IP xxxxx and DKIM Fail.

Prior to moving to cloudflare the emails were going to the inbox and passing both DKIM and SPF, so there must be something wrong with the settings but I can’t figure out what!

Is it possible to attach a screenshot to show settings?

michael · July 7, 2021, 10:14am

Is the IP covered by your SPF record?

Can you share the domain?

sa-ma · July 7, 2021, 10:44am

Hi Michael, thanks for your message! No the IP is not in my spf record at the moment, this is what my SPF is right now -

v=spf1 include:shops.shopify.com ~all include:_spf.google.com ~all

The domain is safomasi.com

michael · July 7, 2021, 11:20am

For starters, that record has two ~all instructions. You should change to have just one ~all at the end.
v=spf1 include:shops.shopify.com include:_spf.google.com ~all

sa-ma · July 7, 2021, 11:22am

Thanks for your help, I’ll change that. Should I also add the IP in the spf? If so, what would be the correct way of writing it?

michael · July 7, 2021, 11:27am

All IP addresses that are sending email should be included in the SPF. If the sender is not covered by the includes, then the ip4 directive is needed.

v=spf1 include:shops.shopify.com include:_spf.google.com ip4:192.0.2.1/24 ~all

sa-ma · July 7, 2021, 11:41am

Thanks Michael.

Sorry I’m new to all this - I don’t understand what the ip4 directive is, should I write it exactly as you have above, or change the IP to the IP address that google mail has said is ‘Neutral’?

michael · July 7, 2021, 11:42am

Is the address the address of one of your servers, or was it a Google address?

192.0.2.1/24 is a documentation address, and would need to be replaced with the actual sending address if it is not covered by the includes.

sa-ma · July 7, 2021, 11:50am

I think it’s actually a shopify IP - the emails that are going to junk are sent by shopify under my email address, and shops.shopify.com is already in the includes, but could it work to add it and replace the address with the actual IP like below?

v=spf1 include:shops.shopify.com include:_spf.google.com ip4:149.72.238.129 ~all

michael · July 7, 2021, 11:54am

That is a SendGrid address, and is not covered by the shops.shopify.com include. You’ll need to investigate and adjust the SPF as needed. What addresses you need is outside the scope of this community.

sa-ma · July 7, 2021, 11:58am

Right ok, thanks, I’ve also realised it keeps on changing, it’s not the same for every email.
Is there anything else you recommend I investigate to help solve the issue?

tom49 · July 8, 2021, 12:20pm

Hello Safo,
you mite also like to try at the unix shell:

dig mx safomasi.com
dig spf safomasi.com

That would return:
safomasi.com. 300 IN MX 5 alt2.aspmx.l.google.com. safomasi.com. 300 IN MX 10 alt3.aspmx.l.google.com. safomasi.com. 300 IN MX 10 alt4.aspmx.l.google.com. safomasi.com. 300 IN MX 1 aspmx.l.google.com. safomasi.com. 300 IN MX 5 alt1.aspmx.l.google.com.
and also
safomasi.com. 3600 IN SOA kaiser.ns.cloudflare.com. dns.cloudflare.com. 2037733626 10000 2400 604800 3600

sdayman · July 8, 2021, 1:47pm

MX records have nothing to do with outbound mail.
The SPF record type has been deprecated. spf info should be in a TXT record.

sa-ma · July 8, 2021, 4:07pm

@tom49 thanks, I seem to already have the MX records as you have written, but don’t have an SOA record, only a NS record for kaiser.ns.cloudflare.com

sa-ma · July 8, 2021, 4:08pm

@sdayman thanks for your reply, yes the SPF is already in a TXT record.

system · July 23, 2021, 4:08pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.