Why Gmail Rejects Your Emails and How to Fix SPF/DKIM Issues

Error Phenomenon

When sending verification emails from a Spring Boot backend, Gmail may reject the messages with a bounce indicating that the sender domain's DNS records are missing or incorrect.

Rejected reason: The sender ([email protected]) domain's DNS record is not set or is wrong, causing Gmail to refuse the mail. host gmail-smtp-in.l.google.com[142.251.10.26] said: 550-5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [mail.spring4all.com] did not pass with ip: [54.204.34.130]. The sender should visit https://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. Solution: Ask your email administrator to set correct DNS (SPF, DKIM, DMARC) records for the domain.

Problem Analysis

Google’s bounce message points to its anti‑spam protection, which requires proper identity configuration, including SPF, DKIM, ARC, and DMARC.

Google provides a diagnostic tool at https://toolbox.googleapps.com/apps/checkmx/ where you can input your email domain to see detailed warnings.

Although many warnings appear, the essential fix is to correctly configure SPF so Gmail will accept the mail.

Solution

Only the SPF record needs to be added to your domain’s DNS as a TXT record.

Gmail’s official documentation shows the required format, but a common mistake is to copy the generic value: v=spf1 include:_spf.google.com ~all You should replace the included domain with the SPF domain of your actual email service provider.

For example, using Tencent Enterprise Mail, the correct value is: v=spf1 include:spf.mail.qq.com ~all The TXT record in your DNS should look like the following:

SPF Summary

Common SPF configurations for popular Chinese enterprise mail services:

Tencent Enterprise Mail: v=spf1 include:spf.mail.qq.com ~all Alibaba Cloud Enterprise Mail: v=spf1 include:spf.mxhichina.com -all NetEase Enterprise Mail: v=spf1 include:spf.163.com -all Apply the appropriate TXT record to your domain, verify with Google’s tool, and Gmail will no longer reject your verification emails.