What could cause Gmail SPF/DKIM issues and how to check authentication results in email headers?
Summary
What email marketers say9Marketer opinions
Email marketer from EmailGeeks forum explains that the Authentication-Results show the breakdown of the email check, and a fail means that the email has failed the check and there is likely an error somewhere in the DKIM or SPF configuration.
Email marketer from Mailhardener explains that an SPF Permerror can occur due to syntax errors or exceeding DNS lookup limits. They advise auditing your SPF record to resolve.
Email marketer from EmailToolTester explains that you can check the email headers to review the SPF/DKIM/DMARC results. EmailToolTester say you will see a 'pass' or 'fail' result and sometimes an error description if something went wrong during authentication.
Email marketer from GlockApps explains that analyzing email headers involves looking for the 'Authentication-Results' section, where you'll find the results of SPF, DKIM, and DMARC checks. GlockApps says to look at your IP reputation if there is a fail.
Email marketer from Postmark explains that DKIM configuration is important for preventing spoofing. Postmark says that issues arise from the incorrect setup or an incorrectly configured DNS record. They say to ensure your DKIM record has correct selector.
Email marketer from Mailjet explains that DKIM validation fails if the key used to sign the email doesn't match the public key in the DNS record. They recommend checking if you are using a valid and up to date key.
Email marketer from EasyDMARC explains that if an SPF record results in a 'Hard Fail,' Gmail is more likely to mark the email as spam. They say to ensure that any third party senders are included in your SPF record.
Email marketer from Reddit explains that Gmail's spam filter might be triggered if the sender's IP address is on a blocklist, causing SPF/DKIM to fail checks, therefore emails going to spam.
Email marketer from Stackoverflow answers question about SPF failures. The answer says that issues are often caused by the sender IP not being included in the SPF record.
What the experts say5Expert opinions
Expert from SpamResource explains that common SPF issues include DNS lookup limits, syntax errors and misconfigured include mechanisms, and these can cause authentication to fail and emails to bounce or be filtered.
Expert from Email Geeks provides an example of what the "Authentication-Results" section looks like in the email header.
Expert from Word to the Wise explains that the Authentication-Results header contains valuable information about SPF, DKIM, and DMARC checks. They say to pay close attention to the 'disposition' or 'reason' codes for further insights into authentication failures.
Expert from Email Geeks explains that the relevant authentication results will start with “Authentication Results” in the email headers.
Expert from Email Geeks shares that none of her clients are showing major issues with Gmail SPF/DKIM, suggesting it wasn't systemic on Google's end.
What the documentation says5Technical articles
Documentation from RFC explains the structure and meaning of the 'Authentication-Results' header field, used to report the results of SPF, DKIM, and other authentication methods.
Documentation from dmarcian explains how to find authentication results, in the email header. They also explain how to read the DKIM, SPF and DMARC results, including pass/fail states.
Documentation from Microsoft explains that DKIM issues can arise from incorrect key length or issues with DNS records. They recommend using tools like the DKIM validator to check for issues.
Documentation from AuthSMTP explains that an SPF 'Neutral' result (SPF = neutral) indicates that the domain owner hasn't asserted whether the IP address is authorized to send emails, which can affect deliverability.
Documentation from Google explains that an SPF record can cause issues if it's not set up correctly, including incorrect syntax, exceeding the 10 DNS lookup limit, or not including all sending sources. These errors can lead to emails being marked as spam.