From HEXONET Wiki
As the amount of SPAM emails has grown, a lot of email hosting services needed to adjust their filtering mechanisms to be more strict in handling incoming emails.
As we provide reselling services with the option to brand emails according to sender, subject or whatever, we will send out emails for domains that are not hosted and not owned by us.
Nearly all email hosting services check if the originating email server is allowed to send out emails for a single domain (part of the sender address) like for example firstname.lastname@example.org.
Now, emails of the domain example.com are hosted on your webhosting but you wants to have HEXONET sending out your ICANN transfer emails with that sender. In exactly such a case, it can happen that the transfer confirmation email is filtered because the HEXONET email server is not in the list of IP addresses that are authorized to send emails for that domain name.
The framework that is used to handle such checks for incoming emails is called "Sender Policy Framework" (https://en.wikipedia.org/wiki/Sender_Policy_Framework).
To avoid that emails are getting filtered, each domain owner needs to add a so called SPF record to the DNS zone of his own domain. In that SPF record, all IP addresses are listed, that are allowed to send emails for the domain the DNS zone is created for.
If you are using your own email addresses at HEXONET to send out emails, you should urgently add our servers to your SPF records. @ 3600 IN TXT "v=spf1 include:spf.mail.ispapi.net ~all" If you do not have a SPF record inside your zone, adding this one is enough.
If you already have an existing SPF record (needs to be unique! There can only be one SPF record per zone), you need to add: include:spf.mail.ispapi.net to the existing record!