I have a VPS that sends out mail from contact form(s). How do we set up SPF records while still masking the IP of the VPS?
For example, a user visits mysite[.com] and fills out the contact form. In the mailing script I use a TO hardcoded as owner@mysite[.com] and FROM hardcoded as no-reply@WebDevCoName[.com].
WebDevCoName[.com] is otherwise protected by Cloudflare. How do I ensure email delivery from that domain name with SPF, while continuing to mask the VPS’s IP?
As @sdayman says, you need a relay or you have to expose your IP; the very purpose of SPF is to prove origin, so masking it is just a no-no.
Really I find managing email more hassle than it’s worth and I’m an email geek. I normally recommend using an ESP for this - my own pick is Mailgun. Free for 10,000pm (30,000 if you sign up via Transactional Email API Service For Developers | Mailgun). As well as getting SMTP credentials, they have a pretty simple API too. The latter is useful in situations where hosts try to control SMTP ports etc. (not relevant to you if you’re using a VPS you control but useful for many).
If you’re not sending large amounts of email, chances are you can use a free tier. They will mask your IP (if done properly) so you really won’t need to worry about this.
Mailgun, SendGrid, Postmark are great and if you have Office 365 Personal/Home editions, you’d have an Outlook Premium account, which allows personalized domains. I’m sure Google must do the same as well.
Also, just using a standard VPS is bound to lower your IP reputation. Sending any email from a regular EC2 IP is insta-spam to Gmail at this point (but SES-dedicated IPs are good to go).
In most situations a relay is the only solution since they can manage their relation with Google, Yahoo, and Microsoft to ensure their spam filters are working in the best interest of the users. Even a ~15-year-old single IP with great reputation can be blacklisted for not playing ball: Avian’s Blog: Google is eating our mail.
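
An added example, not written by any poster in this thread: a simplified SPF evaluator (only the `ip4`, `include` and `all` mechanisms of RFC 7208) showing why a relay keeps the VPS address out of the published record. All domains, TXT records and IP addresses below are constructed placeholders using documentation ranges; `spf.relay.example` stands in for whatever include hostname the chosen ESP documents.

```python
import ipaddress

# Constructed TXT records (assumed values, not real DNS data).
ZONE = {
    # Relay setup: the sending domain only names the relay's SPF record.
    "webdevconame.example": "v=spf1 include:spf.relay.example -all",
    "spf.relay.example": "v=spf1 ip4:198.51.100.0/24 -all",
    # Direct setup: the VPS address has to be published for SPF to pass.
    "direct.example": "v=spf1 ip4:203.0.113.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, ip, zone=ZONE, depth=0):
    """Return the SPF result for mail claiming `domain`, received from `ip`."""
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include matches only when the referenced record yields "pass"
            matched = check_spf(term[8:], ip, zone, depth + 1) == "pass"
        else:
            continue  # mechanisms outside this simplified subset are skipped
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def published_ips(domain, zone=ZONE):
    """Addresses anyone can read from the domain's own SPF record."""
    terms = (t.lstrip("+-~?") for t in zone[domain].split()[1:])
    return [t[4:] for t in terms if t.startswith("ip4:")]
```

With the relay record, mail handed to the relay passes SPF, mail sent straight from the VPS fails, and the domain's own record lists no address. Whether the relay also keeps the VPS address out of the message's `Received` headers is a separate question that SPF does not cover.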