I have a domain managed via Amazon's Route53 service. I have a Google Apps (free) account with 10 full users. To facilitate more than 10 users (we need about 12-14), I've been using a setup whereby extra users are represented as 'groups'. From time-to-time, however, they have problems sending/receiving mail, which is marked as spam. For each 'group', a normal gmail account is set up, and configured to receive mail from the group's email address, and send mail via Google's SMTP server.
For email sent from our site, we use Amazon's SES service.
I've tried a couple of online-spf checking services and the results look generally OK. However, I do have the following warning from Google's CheckMX tool:
There SHOULD be a valid SPF record.
SPF record specifies Gmail's IP addresses as valid for sending domain's messages If no other servers send mail on behalf of this domain then this record SHOULD be set to "v=spf1 include:_spf.google.com ~all"
My current SPF record reads:
"v=spf1 include:_spf.google.com include:amazonses.com ?all"
I'm not sure if this could be the cause of the problem; is there an adjustment I should make?
The warning from Google's MX tool is not a big problem. It's happening because your SPF record is not precisely the same as the one in their example. Since you are authorising Amazon's SES to send mail on your domain's behalf, your SPF record will have to be different from Google's example.
The
?allat the end, however, renders your SPF record almost useless. I understand that you're probably just testing it at the moment but you should change it to-allonce you're confident that it's correct.You can whitelist certain IP addresses in Google Apps's admin interface. I think you can do ranges as well (if I remember correctly.) so you should be able to whitelist all of Amazon SES.
The reason for the emails being marked as spam may be unrelated to SPF or groups. It may be the content of the mail. At the top of each spam message in Gmail's web interface, it lists the reason why it's in spam.