SPF and Lost Customers

I’ve long had SPF configured on this domain. SPF being a DNS record attribute that tells email recipients what internet sources are authorized to send on its behalf. It helps to make the internet a nicer place as more and more sites honour it.

It isn’t perfect, but it’s better than nothing.

There has been a recurring problem with it, however, and I post this entry because I see the same issue appearing on brand new sites: Organizations have internal mechanisms that generate messages that they mark as coming from external users, and then their own recipient machines reject it for failing the SPF check.

Consider a site that has a web form that I can fill out asking for information. I enter my comments, fill out the fields, and set my email address. To simplify the software needs, avoiding having to build out a whole internal customers relations solution, the software then generates an email that it purports to come from me, sending it to a customer relations team.

It is essentially replicating the client-side mailto: form post behavior on the server. The advantage is that the customer relations team can simply hit reply in a standard email client and send messages directly to me.

My lawn care company does this. I discovered after a couple of form entries (the only online method of contacting them) that they were quietly dumping my submissions because of the SPF issue. Great Wolf Lodge used to do this, again losing submissions from anyone on an SPF-protected domain, though recently they cut out the middleman and just put a real email address up. An auto delearship lost my communications for the same reason, irritating me enough that I went 20km away to buy the SUV I wanted.

These are just a few examples. If I see a form on a web page I generally just ignore it now because I know they probably didn’t consider the ramifications of SPF, and are probably instead pissing off some percentage of their customers every day.