SPF Records for Newtek Gateway

Problem: Receipts Sent to SPAM/Junk Folder

This page aims to provide assistance to merchants who are having trouble with customer receipts being blocked as spam. The most common cause of this issue is the ability for merchants to change the Email From address that is used by the gateway when sending emails. By default, receipts are sent with a from address of “support@newtekgateway.com” or “noreply@newtekgateway.com”. Since newtekgateway.com designates its own servers as being allowed to send “@newtekgateway.com” email, these messages are not blocked. Once the merchant changes the from address on the settings screen in the console, the receipts are sent with the merchants email, for example: john@adams.com. When the customer's mail server receives the email, it checks that “adams.com” allows newtekgateway.com to send email on behalf of john@adams.com. If they do not, the message may be tagged as spam. Whether the message is blocked or not depends on whether adams.com has configured a “SPF” dns record and whether that record lists Newtek Gateway.

What is SPF?

Sender Policy Framework (SPF) is an open standard that allows mail servers to verify that an email was sent by a source that has been permitted by the owner of the domain. Configuring SPF for your domain is a matter of adding a TXT record to your DNS. If you are not sure how to modify the DNS for your domain, consult your domain provider.

Adding Newtek Gateway

If a merchant is going to list their own email in the Email From setting, they will need to add newtek to their SPF record. If the merchant does not control their domain and the domain owner is not willing to make the change, the merchant should either use a different email address or leave the from address blank.

The easiest way to list the newtek mail servers is to add include:spf.newtekgateway.com somewhere before the ~all or -all. For example, if your SPF record is currently:

acme.org  TXT  "v=spf1 a mx ~all"

you would change it to:

acme.org  TXT  "v=spf1 a mx include:spf.newtekgateway.com ~all"

If you prefer not to use our include, you can also list the mail server IPs directly. This approach is not recommended as your record will be out of date when our network expands/changes.

acme.org  TXT  "v=spf1 a mx ip4:209.239.233.124 ip4:209.239.233.125  ip4:64.0.146.124 ip4:64.0.146.125  ip4:209.220.191.124 ~all""

How to Test

Once you have your rules setup correctly in DNS, there are a variety of web based tools that you can use to verify. For example, to test with the Kitterman SPF Validation test tool, enter 209.239.233.124 in the Sending IP Address field, the Email From address you are using in the console should go in the Sender Email Address field, and andmx-ca4-01.newtekgateway.com should go in the Senders Computer Name field. If all is configured correctly, you should see a Pass and Sender Permitted.

Using a Webmail Based Email Address

Newtek Gateway does not recommend using a public webmail based address (@google.com, @hotmail.com, etc.) in the Email From setting. There is no way to correctly configure these email addresses to be sent from the Newtek Gateway gateway and merchants will experience a number of customers who are not able to to receive receipts. The merchant should either leave the "From" setting blank or get their own domain for email.