Q: We have an employee that works from home. Some of our clients don't receive this person’s email messages, but other clients, and our internal users, receive his email messages. Why aren’t some outside parties receiving email messages from our telecommuter?
A: From the information provided, I would guess that the Sender Policy Framework (SPF) is preventing some clients from getting his email messages. I bet the telecommuter in question uses his home ISP’s SMTP server for sending outgoing email messages from his company email address. I also bet that your domain’s DNS zone file has an SPF record, which defines all the authorized SMTP servers for your domain. If that's the case, I’ll explain what’s happening after first providing some background about how email servers identify the appropriate SMTP servers for a given DNS domain.
To receive email for a domain, the domain’s owner must publish one or more mail exchanger (MX) records in the DNS's zone file, which identifies email servers that can receive email messages for that domain. Note that MX records are mandatory. There's a second type of email record that's much newer than DNS MX records and is optional: SPF records, which let a domain’s owner publish information about which SMTP servers other servers should trust when receiving email messages from that domain. With SPF, you can publish all the email servers that your company legitimately uses to send email messages from your domain. Other companies, such as your clients, might configure their email servers to check SPF records on incoming email messages.
Here’s what I think is happening in your situation. When the telecommuter sends an email message, his home ISP’s SMTP server receives the email message and queues it to be forwarded. To locate the recipient’s email server, the ISP server looks up the MX record for the recipient's DNS domain and attempts to forward the email message to the IP address on the MX record. If the recipient’s email server hasn't been configured to filter email messages based on SPF, the message continues on its way to the recipient’s Inbox. However, some of your clients have evidently configured their email servers to filter incoming messages based on SPF. In such cases, the receiving email server looks up the SPF record for the domain of the email sender to get a list of authorized sending servers for that domain. When the receiving server doesn’t see your telecommuter's home ISP's server on the list, it rejects or silently discards the email message.
There are two ways to fix the problem. You can add the telecommuter's home ISP’s server(s) to your SPF policy, which I don’t recommend because that would let countless people send email messages through the server that appears to be in your domain. The second—and better—option is to stop using the telecommuter's home ISP’s server for sending email messages from your company’s domain. Instead, reconfigure the telecommuter’s email client to route email messages through your server using authenticated SMTP, remote procedure call (RPC), or HTTP Secure (HTTPS).