I, like many of you, use Google Apps for my email, mainly because it is very convenient and has excellent spam filtering capabilities. However, to ensure that messages show up properly and that they don’t end up in spam, there are some steps that need to be taken. In this post, I will give some helpful hints and samples for configuring your Google Apps’ Gmail service so that your messages aren’t classified as spam, and so that the dreaded “via” field doesn’t show up.
The “via” field is something that Gmail adds when you try to send email through it from alternate email addresses (some clients refer to it as on-behalf-of). For example, my main domain is korokithakis.net, but I want to send mail from stavros.io, without running a separate mail server. When incorrectly configured, Gmail messages with a stavros.io email appear on other Gmail inboxes (and other clients) as “whatever@stavros.io via stavros@korokithakis.net”, which is unsightly.
Without further ado, let’s look at what configuration changes we can make so our stuff shows up properly.
Sender Policy Framework
The Sender Policy Framework system uses DNS records to designate permitted sending domains. To designate that an SMTP server can send email on behalf of some domain name, you need to set a TXT record on your domain (the part of your address after the “@”). Here’s mine:
v=spf1 a mx include:_spf.google.com mx:myserver ~all
This says that the MX servers of the specified domain name can send mail on its behalf (for bounce emails, etc), the server at its A record can send mail, the servers at aspmx.googlemail.com
can send email, and myserver
(which is an SMTP server I maintain) can also send email for it, and all other servers will soft-fail (that’s the ~all
part).
This SPF record has served me well, and it’s generic enough that you can just paste it to your DNS record and it will work fine. Once changes have propagated, all receiving servers will know that the Gmail server that sends your email is authorized to send it bearing your domain name. More information about Google’s settings is available on their support page.
DomainKeys Identified Mail
The DomainKeys Identified Mail system is very similar to SPF, but it uses cryptographic signatures to sign each message, thus ensuring not only that it’s coming from the server that is claiming to send it, but that the message itself has not been tampered along the way.
You can enable DKIM from your Google Apps settings, you will receive a public key which you need to add to your DNS server (as before), and, once Google has seen that the record has been created, they will begin signing messages for you. This will further boost your server’s credibility, and recipients will be even more sure that messages aren’t spam.
Checking the settings
There are various services you can use to test your SPF/DKIM settings. Each of them will tell you if the settings are correctly implemented and working, so you can be sure that you have set everything up properly.
The Gmail “via” field
As I mentioned above, Gmail adds a “via originaldomain.com” to your email address if you try to send email from an alternate address of your Google Apps account. To remove this, you will have to have added the domain as an alias to your Google Apps account, so Gmail can sign outgoing messages with DKIM.
After you do this, enable DKIM and SPF, as specified above, and the “via” field should go away, so recipients will only see the alias domain.
However, Gmail appears to have a bug that makes the “via” field go away if you have SPF and DKIM disabled. I tested this by setting “send mail through <alias domain>’s email servers” to Google’s own servers, and saw that, when sending email, the alias email address is shown without any “via” fields. This, however, is not optimal, since other servers are likely to mark your email as spam, for lack of SPF/DKIM headers.
If you properly enable SPF/DKIM, you do not need to enable “send through <domain’s> servers”. You can just add an alias address and send from it, and Gmail will do the right thing and the email will be legitimate.
Conclusion
Using the above methods to enable SPF and DKIM for your email will enhance deliverability and allow you to set alias domains, in case you want to change your email address. It only took me a few minutes to set up these fields, and now my emails will (hopefully) show up as being sent from the alias address everywhere, with no unsightly “via” or “on behalf of” displays.
I hope the guide is easy to follow, please post a comment below if something is inaccurate or unclear.