When you host your email through Google Apps, you can create email aliases that are called "groups". Very recently messages routed via those aliases started to silently drop off the face of the earth. The exact same message sent directly to a real account (part of the same Google Apps domain) was received just fine.

The only thing that stood out as interesting was that the successfully received email was marked as a "soft fail" under SPF verification.

Now, these messages are all being routed through Radiant mail servers. Ah good old Radiant. Only several years into SPF being widely accepted and they still haven't published an authoritative list of their mail servers.

So my domain's SPF record listed every other place we might send from, but did not claim this was an exclusive list - hence the soft fail.

After totally botching my SPF record a few times because I didn't remember that "include:"ing domains without SPF records results in automatic fails, I used a "ptr:radiant.net" to say we trust any host that reverse resolves to *.radiant.net. (This is highly frowned upon because anyone can spoof reverse DNS lookups, but it seems like a limited risk for a small domain like mine.)

Anyway, as soon as that change propagated Google Apps started accepting my messages via aliases again. Very curious that they would have inconsistent SPF processing...