Why am I here?

Probably because you tried to send mail to us, and it was rejected.

There are many ways in which mail systems can be broken or misconfigured. Some of them can result in rejected mail, and some of them can have an impact on your security - or that of your correspondents.

This site is concerned with the security issues.

There are tools to test some parts of mail systems, plus information about email security, how to find out more, and how to get problems fixed.

Why was my mail rejected?

Probably because you use SPF, and your SPF record is broken. This is a security issue, because it means that mail which is forged to look like it came from you cannot automatically be detected by the systems designed to do just that.

How do I get you to accept my mail?

That depends on why it was rejected.

If it was rejected because your SPF record is broken, we can definitely help you. Contact us.

If you're here because you just want to find out how to get people to accept your mail when they really don't want it, then you're in the wrong place. There's nothing for you here.That's not what we're about, and we can't help you.

What's SPF?

Sender Policy Framework (SPF) is something that senders (that's you) use to tell recipients (that's us) their policy on sending electronic mail. The policy is a single string of text in the DNS (Domain Name System). The DNS is like a gigantic telephone directory, but it has a lot more than just numbers.

Unfortunately SPF is one of the most widely misunderstood features of electronic mail systems.

The idea of SPF is simply to prevent forgeries. Nothing else.

SPF is not about anybody's reputation, and despite what anybody else might have told you, it's not about spam. Yes, a lot of spam is forged, but if mail fails SPF tests that doesn't mean it's spam. More likely it means that an SPF record is broken.

Here's our own SPF record:

"v=spf1 ip6:2001:470:6976:44::25 ip4:81.149.136.94 exp=exp.fixmymail.uk ra=postmaster -all"

If it looks a bit confusing to you at first we can show you that it really isn't - see the breakdown on the right.

But other people accept my mail?!

SPF is not about accepting your mail.

SPF is about rejecting mail if it looks like it's from you but it's forged. If, after visiting this site, you only take one thing away from you, take that.

The anatomy of an SPF record.

In this case it's our record, and we're simplifying a bit, but not in any way that really matters.

Here's that record again, broken into its individual 'terms', together with the meaning of each term:

"v=spf1"

This is our one and only SPF record. Like everyone else, we're only allowed one SPF record for one domain.

"ip6:2001:470:6976:44::25"

This IPv6 address is authorized by us to send mail on behalf of our domain.

"ip4:81.149.136.94"

This IPv4 address is authorized by us to send mail on behalf of our domain.

"exp=exp.fixmymail.uk"

There's an explanation available at this domain. Yes, it's a separate domain, and yes, the only thing you'll find there is an explanation.

"ra=postmaster"

The Responsible Authority can be reached at this email address. To get the complete address you need to tack the domain name 'fixmymail.uk' onto the name given here (with the usual '@' symbol of course).

"-all"

No other IPs can send mail on our behalf. If they do, then you can safely assume that the mail is forged and throw it away without opening it.

The full specifications for SPF can be found in the current Internet standard, which is RFC7208. Now that is confusing, even sometimes to us. But don't worry, because we're here to make sense of it. Just for you.