
> To help ensure messages you send to Gmail accounts are delivered as expected, you should set up either SPF or DKIM for your domain.

But spammers already do that; why would enforcing that even help?




I think the explanation is a little incomplete, but it makes sense if you expand the explanation a bit.

What really happens is this: when GMail receives a lot of email from domain xyzzy.com, and a lot of it seems to be spam (either it's marked spam explicitly by the recipient, or maybe Google uses some weird AI or whatever to identify messages as spam) then GMail will start marking email from that domain as spam. Obviously if you own xyzzy.com and you're not a spammer you want to avoid this. So what can you do?

SPF and DKIM are ways to prevent unauthorized senders from delivering mail that appears to come from your domain. SPF is a way to list IP addresses authorized to deliver mail on your behalf, and DKIM contains cryptographic keys needed to sign email coming from your domain. That means if you have SPF and DKIM enabled, the only people able to send mail that appears to come from your domain are people that are authorized to do so (there are a few more bears on the road, but broadly this is true).

It's true that spammers can register their own domains for the sole purpose of sending spam, and they can enable SPF and DKIM on those too, but if they use domains exclusively to send spam, they will still be marked as spam domains by GMail, at least eventually.

But this doesn't explain why GMail should be distrustful of domains without SPF and DKIM records. There are literally hundreds of millions of DNS records worldwide, and only the tiniest minority (think, 1% or less) of those have SPF/DKIM records, and not having those records isn't evidence of being a spammer per se. But look from the perspective of spammers. If GMail adopts the policy that email from rare domains without SPF/DKIM records is accepted so long as they don't send high volumes of spam, then it's trivial for spammers to collect 100 million domains without SPF/DKIM and send literally 1 message from each, which results in 100 million spam messages being accepted by GMail.

That's why GMail wants you to add SPF/DKIM records to your domain if you're not a spammer. It allows GMail to block email from the >99% of domains that don't have SPF/DKIM enabled. And for the remaining 1% of domains, it can either delete email outright (if it's forbidden by SPF/DKIM), or else it can reliably identify a domain as being spammy.
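As an added example (not code from the thread), here is a minimal offline SPF evaluator in Python that shows the mechanism the reply describes: the domain owner publishes a list of authorized sender networks, and the receiver decides pass/fail/softfail/none by matching the connecting IP against that list. The zone data is constructed and stands in for live DNS TXT lookups; only the ip4, ip6, include and all mechanisms are supported.

```python
"""Minimal offline SPF evaluator (added example; not from the HN thread).

Uses a constructed in-memory record table instead of live DNS TXT lookups
and supports only the ip4/ip6/include/all mechanisms with +/-/~/? qualifiers.
"""
import ipaddress

# Constructed sample SPF records keyed by domain (placeholder zone data).
SPF_RECORDS = {
    "xyzzy.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:mail.example -all",
    "mail.example": "v=spf1 ip4:198.51.100.7 ~all",
    "nospf.example": None,  # a domain that publishes no SPF record at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, records=SPF_RECORDS, depth=0):
    """Return the SPF result for sender_ip claiming to send mail as domain."""
    if depth > 10:
        return "permerror"  # RFC 7208 caps DNS-querying mechanisms at 10
    record = records.get(domain)
    if record is None:
        return "none"  # no record: receiver learns nothing about this sender
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # mechanisms default to the pass qualifier
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # catch-all decides unmatched senders
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            sub = check_spf(sender_ip, arg, records, depth + 1)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"  # included domain is unusable (RFC 7208 5.2)
        else:
            return "permerror"  # mechanism not supported by this toy evaluator
    return "neutral"  # record exhausted without a match and without an "all"
```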
