I used to be a sysadmin. And I like to think that I was pretty good at my job. These days, my work is much more managerial with a strong emphasis on communication. The command line and I only meet occasionally, and I have to get help whenever I do something more complicated with regular expressions. Still, I apparently have retained enough skills that the Head of Cloud Operations at my current workplace occasionally says things like „oh, you can do that?“ in a positively surprised tone. But I usually do know my limits and what not to touch.
This is the story of when I failed to recognize my limits.
Knowing that I’m not an admin, this webpage resides on a server that is run by a webhosting company. They worry over security patches, uptime, sensible database configuration and so on, because I know that I’ll probably screw this up. I am allowing myself to change database tables, tinker with some of the htaccess settings and… DNS. That is one of those things that I don’t touch a lot, as there is no need for this on a daily basis.
And thus, I completely forgot about the SPF record when changing the MX entries to support my G Suite setup when I switched hosting last year. As a quick recap, let me quote Google what it’s about:
The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.
Quite the important and nifty functionality. I actually knew of it already, but didn’t realize that the new webhoster had this implemented as a standard. So while I successfully switched all the MX entries, I overlooked the SPF setting.
Alas, there are a lot of email servers that happily ignore a faulty SPF setting, even Google kept receiving emails despite the wrong setting. And you don’t really get an error message on the senders part, because no one talks back to (even only suspected) spammers. So nearly everything seemed fine: I was sending and receiving mails on a daily basis and this configuration error wasn’t discovered for nearly half a year. Only when I started to worry that one email recipient didn’t answer at all and a friend who actually is an admin looked into the matter for me.
So, the lesson here is: The Dunning Kruger effect is sometimes closer to home than you think. Whenever you do something only occasionally, maybe talk to someone who does it regularly, to make sure that technology hasn’t advanced past your own experience in the meantime. And if you use G Suite, here’s how to set the SPF correctly.