Thanks for raising this issue. It's mostly a case of unawareness -- those of us who run the site don't regularly create new accounts, so we don't notice if e-mails end up in spam folders. I also don't personally use gmail, so I'm unfamiliar with its behaviour in this case.
SPF is set up on tfes.org and has been for years. Would adding DKIM/DMARC really make that big of a difference? If so, I'll take a look at setting it up.
It makes a world of difference. I saw that spf was indeed setup for tfes.org, but your SMTP MAILFROM (separate header of which SPF works from) is not tfes.org, so unfortunately it's not even being applied to these mails. Properly implement SPF and DKIM, and your DMARC should also pass and should require nothing further aside from making sure both FROM headers align (are the same @domain, which they aren't now).
Edit: I see you use postfix which is very good and the things I mentioned are well documented on how to integrate with it.
Edit again: your spf is set to hardfail (-all), I highly suggest turning that to a softfail (~all) once you setup DKIM.
Edit 3 -- long story short you are behind on your email auth. Get it up to date and I guarantee your inbox placement will skyrocket.