I have two domains:
foo.com and bar.com
Only foo.com is using Google Apps and thus can send emails. I now have a service running on bar.com\application that uses the email [email protected] to send emails to others. However, all the mails get delivered to the spam folder of the recipient.
I checked the header and it says
spf=neutral (google.com: 2607:f8b0:4001:c02::2ef is neither permitted nor denied by best guess record for domain of [email protected]
Therefore I would like to set up a spf record. Now I don't know for which domain I have to set the spf. Do I have to set it for foo.com, because the mails get send with that domain or do I have to set it in bar.com, because that's where the mail get send from?
In addition, I heard setting up a DKIM entry in the nameserver is recommended as well, but does this make sense in my case? As far as I understand, DKIM verifies that a mail is in fact coming from the domain/IP, which uses the mail service (foo.com in my case). That, however, would mean sending from bar.com using [email protected] would be bad, because it didn't get send from bar.com?
SPF records are setup for the domain of the email being sent. In your example, the email "sender" is [email protected] so the SPF record needs to be in foo.com's DNS.
The idea is any recipient will look up the DNS records for the sender of email it has received to confirm it is originating from an approved mail server. In your case, the recipient would look up bar.com's mail server to see if it is an approved outgoing mail server for foo.com.
Based on the IPv6 address you listed, foo.com's SPF record would be:
DKIM provides a greater level of SPAM resistance but it is not necessary in my experience.