If you use Gmail, as millions of people do, or if you send email to people who use that service, you may have noticed that the way Gmail filters spam has changed in the past couple of months. Gmail users are seeing many legitimate emails in their spam folders, and senders are finding that people don’t receive their emails. (Here are two Google support threads discussing this.)
It seems that Google has changed the way they handle domains, and is stricter regarding how those domains are configured. If you use your own domain for email, you should check carefully that you have configured the following. This Google support document explains three ways email can be verified. Note that if you have a Gmail account, you may need to make changes as well.
- SPF, or Sender Policy Framework, allows email servers to detect forged emails. One common problem with spam is that emails can be forged, using a legitimate domain to try to get past spam filters. With SPF, the receiving server compares the IP address of the server that sent the message with the IP addresses that the domain has published for its email servers. As Google’s support document says, “Without SPF, messages sent from your organization or domain are more likely to be marked as spam by receiving mail servers.”
- DKIM, or DomainKeys Identified Mail, is another way that email servers can check whether the origin of an email has been forged: the sending server adds a digital signature to each email, which the receiving server can verify.
- DMARC, or Domain-based Message Authentication, Reporting and Conformance, is another way that you can prevent your domain from being spoofed in emails.
Of the above, the most important, and the easiest to configure, is SPF. Here’s how to do it.
One problem I’m seeing is that many people never check their Gmail spam folders. It’s hard for me to understand that people would trust an algorithm to decide which emails they see. When I contacted people I had sent email to by a different method, such as Twitter, and asked them to check for my emails, they found them in their spam folder. It’s true that Gmail has an effective spam filter, but looking at both the inbox and spam folders on a Gmail account I have shows that it is relatively ineffective, with lots of spam in the inbox, and several legitimate messages in the spam folder.
If you use your own domain for email, configure the above, or have your email host configure the domain for you. It only takes a few minutes, and your email will be less likely to be flagged as spam. And if you use Gmail, check your spam folder regularly.