# SMTP SPF/DKIM Bounce Recovery **Context:** July 11, 2026 — Apex Track Experience confirmation emails to 2 Gmail recipients bounced with `550-5.7.26 Your email has been blocked because the sender is unauthenticated`. ## Root Cause The WP Mail SMTP plugin sends through SiteGround's SMTP relay (`c1113726.sgvps.net:2525`), but the SPF record for `apextrackexperience.com` didn't cover all outbound IPs that SiteGround routes through. The bounce showed the connecting IP as `136.175.108.114` (MXroute LLC), NOT the expected SiteGround IP (`35.212.86.161`). Two different outbound paths were being used and only one was in SPF. ## Diagnosis 1. Check the current SPF record: ```bash dig +short TXT ``` 2. Check what IP the SMTP relay resolves to: ```bash dig +short ``` 3. Cross-reference with SPF include chains: ```bash # Follow includes recursively dig +short TXT ``` 4. Check DKIM: ```bash dig +short TXT default._domainkey. ``` 5. Check DMARC policy: ```bash dig +short TXT _dmarc. ``` ## Fix 1. Add the SMTP relay IP to the SPF record: ``` v=spf1 +a +mx ip4: include: ~all ``` 2. Ensure DKIM is published (usually auto-generated by the email provider) 3. Set DMARC to `p=none` initially (monitor), then `p=quarantine` after verification 4. After SPF fix, **resend the failed emails manually** — SPF only blocks, it doesn't queue and retry. Gmail doesn't auto-retry SPF failures. ## Re-sending After Fix For WPForms confirmation emails that bounced: - SMTP: c1113726.sgvps.net:2525 TLS - User: contact@apextrackexperience.com - Build the email manually as HTML with the same format as the WPForms notification - Send via smtplib through the same SMTP relay - Include full registration details (driver, passenger, vehicle, package, amount, waiver status) ## Prevention - Enable **WP Mail SMTP email logging** (`wp_mail_smtp` option in wp_options) — without logging, there's no delivery trail - Add **all** outbound relay IPs to SPF — SiteGround may route through multiple IPs - Test with a throwaway Gmail address after SPF changes