Score:0

Confused About Why SPF Needs My Email Apps Domain


FYI:

  • we have a custom domain and we pay for Google Workspace to use that domain for our email/gmail.
  • i have SPF, DKIM, & DMARC all set up, and a Google tech support person verified it was correct over a year ago.
  • we use the Apple Mail app on our Macs & iPhones to send/receive these emails.
  • i've also verified that the Apple settings are correct.
  • it's been working great, for many many years, until recently. since approx last fall (of 2022), we're randomly/periodically having some emails bounce back claiming authentication is not set up (even tho it is). sometimes simply resending them works.

i just got off of a chat with Google tech support about this, and they told me to change our DNS TXT SPF record of...

v=spf1 include:_spf.google.com ~all

to this...

v=spf1 include:_spf.apple.com include:_spf-txn.apple.com include:_spf.google.com ~all

can someone please explain to me, IN PLAIN ENGLISH, why we would need to add Apple domains to our SPF record when our emails are NOT going thru any Apple servers?

the support person was unsuccessful in helping me to understand this concept, and i've read & read about SPF but can't find out why this particular thing, is a thing.

doesn't make sense to me because the settings in Apple Mail are set to use Google in & out. how does apple.com play into it at all?

and if that was wrong/bad advice/instruction, does anyone have an idea why (and how to fix) some emails are bouncing?

thanks.

anx
"bounce back" would usually mean that you have a message that contains not just plain English, but also additional technical information about the route that caused the trouble. Show it. Then clarify whether the IP address mentioned therein belongs to you, to apple or to an incorrectly configured client in your organisation that should be changed, rather than authorizing additional senders.
SyberKnight
@anx, thank you for that. you pointed me in a direction i hadn't thought of. there are 2 IP addresses in the bounce info. one goes to Google & the other to our website host! that should not be happening. so then i looked at the Apple Mail settings & the SMTP is set to the domain instead of smtp.gmail.com. changing it to that did not work. then i found this help page (https://support.google.com/googlecloud/answer/10636287) with Workplace configs that hadn't been done yet (didn't know about these). so will go thru that & report back asap.
Score:1

So far so good!

as in above comment, after finding...

https://support.google.com/googlecloud/answer/10636287

...and following all those instructions, i was "then" able to use the "smtp.gmail.com" as the outgoing mail server in Apple Mail (where prior to adjusting the Workspace settings per that link, trying to use that smtp would fail).

now emails sent from the Google Workspace custom domain in Apple Mail go thru correctly - eliminating any reference to the domain's web host.
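
Added example, not part of the thread: a simplified SPF evaluator showing why mail that left through the web host's server gets a softfail under the original record, and why adding the Apple includes would not change that result. The TXT contents and IP addresses are constructed (documentation ranges, not the real published values), and only the ip4, ip6, include and all mechanisms are handled.

```python
import ipaddress

# Constructed TXT data standing in for DNS; the ranges are documentation
# networks (RFC 5737), not the real published values for these names.
ZONE = {
    "_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ~all",
    "_spf.apple.com": "v=spf1 ip4:198.51.100.0/25 ~all",
    "_spf-txn.apple.com": "v=spf1 ip4:198.51.100.128/25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, ip, zone=ZONE, depth=0):
    """Evaluate ip against an SPF record; supports ip4, ip6, include, all."""
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            nested = zone.get(arg)
            result = check_spf(nested, ip, zone, depth + 1) if nested else "permerror"
            if result == "pass":  # include matches only on a nested pass
                return QUALIFIERS[qualifier]
            if result in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"  # mechanism outside this sketch
    return "neutral"  # nothing matched and no "all" term

ORIGINAL = "v=spf1 include:_spf.google.com ~all"
SUGGESTED = ("v=spf1 include:_spf.apple.com include:_spf-txn.apple.com "
             "include:_spf.google.com ~all")
VIA_GOOGLE = "192.0.2.25"     # constructed: relay inside the Google range
VIA_WEB_HOST = "203.0.113.7"  # constructed: the website host's mail server

if __name__ == "__main__":
    for rec, ip in [(r, i) for r in (ORIGINAL, SUGGESTED) for i in (VIA_GOOGLE, VIA_WEB_HOST)]:
        print(ip, check_spf(rec, ip), "<-", rec)
```

Comparing the connecting IP in a bounce against the record this way shows which relay the message actually used, which is the check that pointed to the SMTP setting in this thread.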
