does not designate permitted sender hosts
The text “gmail does not designate permitted sender hosts” found in GMail by clicking the down arrow (on top right) ➜ selecting “Show original” and reading the text implies a “phishing” attempt.
If you (or WordPress on your behalf, or other software) send business e-mails you must check this header and seeing gmail does not designate permitted sender hosts means you must take action to avoid being classed as a spammer (phisher).
SPF Records and Diagnostic Tools
If you want to skip the detail, SPF Records are the key to the solution. But if it ain’t broken don’t fix it – and a good place to ascertain whether your domain has the appropriate e-mail sending paraphernalia use this dns stuff site. You paste in your domain name and it will tell you what the various problems are.
Our preferred architecture involves the WordPress content management system running on the Amazon EC2 cloud and sending e-mails from Amazon SES (Send Email Service). A description on how to set it up correctly is below.
➜ E-Mail Setup for WordPress ➜ Amazon SES
Disingenuous E-Mail Sending (Phishing) Background
It is easy to send e-mails (as if) from any domain making the e-mail appear to be sent by someone it obviously is not – for example email@example.com or firstname.lastname@example.org
Whilst this is (used to be) great for playing practical jokes on your mates – it regularly backfires and catches out (unwitting) small business owners sending out genuine e-mails to their clients.
The industry term for making e-mails appear to originate from a place that it doesn’t is “spoofing” or “phishing”
E-mail Sent Without SPF Record Set
SPF records (or the lack of them) are the origin of the problem. Addressing this can be done by referring to the Setting SPF Record When Sending From WordPress via Amazon SES blog.
Below is an e-mail header from GMail viewing an e-mail that displays symptoms of the sender not being verifiable – hence the “does not designate permitted sender hosts” message.
Received: from ip-172-31-34-22.eu-west-1.compute.internal (ec2-54-154-147-247.eu-west-1.compute.amazonaws.com. [126.96.36.199]) by mx.google.com with ESMTPS id ln3si19128989wic.72.2015.03.30.07.52.34 for
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 30 Mar 2015 07:52:34 -0700 (PDT) Received-SPF: none (google.com: email@example.com does not designate permitted sender hosts) client-ip=188.8.131.52; Authentication-Results: mx.google.com; spf=none (google.com: firstname.lastname@example.org does not designate permitted sender hosts) email@example.com Received: from ip-172-31-34-22.eu-west-1.compute.internal (localhost [127.0.0.1]) by ip-172-31-34-22.eu-west-1.compute.internal (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id t2UEsJoJ025775 for ; Mon, 30 Mar 2015 14:54:19 GMT Received: (from www-data@localhost) by ip-172-31-34-22.eu-west-1.compute.internal (8.14.4/8.14.4/Submit) id t2UEsJbE025774; Mon, 30 Mar 2015 14:54:19 GMT