Authenticating Programmatically Sent Emails10 Jul 2016
Work on the Ruby and Sinatra project continues and this weekend I worked on creating a helper method for sending emails so I can have users confirm the emails they used to register. I wanted to send emails from a mailbox I set up on a custom domain I’m hosting with DreamHost. I created a mailbox on DreamHost’s admin panel and with the mail Ruby gem it was pretty straightforward to get emails sent.
Hit and the endpoint and you’re done! Or are you? To the Gmail inbox!
All looks good except Gmail ominously warns us: “Gmail couldn’t verify that chuckpad.io actually sent this message.” This means “Gmail doesn’t know if the message is coming from the person who appears to be sending it,” which makes our messages excellent candidates to get caught by Gmail’s spam filters! Read more about authenticated messages here.
After some digging around, I learned about Sender Policy Framework (SPF) records. Basically, a DNS record can have some metadata which identifies which servers are permitted to send email on behalf of the domain. DreamHost’s default “SPF information doesn’t include DreamHost’s mail servers” because you can always opt to host your domain’s mail servers elsewhere. Fortunately, this can be easily remedied by adding the SPF record v=spf1 include:netblocks.dreamhost.com to our domain’s DNS record.
Give the DNS caches of the world a few hours to refresh, try again, and boom! Success! Programmatic and authenticated!