Whoa, thanks for all of that, Tom. I'm going to need to take a while to look over it all. Do you know of a good primer on what should be in an SPF record?
For now, the simplest solution I've found is, as you might have guessed, to let Google handle it all. My client was already on Google Apps and had their domain registered through Google Domains, but their nameservers were pointed to Bluehost. I removed DNS handling from Bluehost like a child that couldn't be trusted with something delicate, and gave control to Google. So far, that seems to be really helping. I think I might end up doing the same thing for my domain and finally sign myself up for Google Apps. I've just been lazy about it and am not looking forward to having two accounts that I have to check on my desktop.
I still very much want to add the other levels of assurance, though, so I'll be doing some research on the links you provided. Thanks so much.
As for my own domain, it looks like it passed on all lists, according to that site (I've used MXToolBox.com before - great site). I know for sure that some of the content from my domain is being blocked by some providers, though. For example, every single invoice I send through Freshbooks is undelivered by AOL. I've added Freshbooks to my SPF records, but they still get blocked. I can send regular emails to those same people, though, so I usually end up sending them PDFs of my invoices. Unfortunately, it doesn't look like they support DKIM.
_________________________
Matt