I would say +all is always harmful. The difference between having +all and not having any at all (or ?all) is that you affirmately, by using +all, tell the system the email is genuine. If you somehow want to treat all emails as unspecified or unknown, ergo dont want to reject, but you want to still have a SPF so you dont get sent to spam folder for not having a SPF, you can use ?all to force a neither genuine or fake result that should be treated as no SPF at all in the actual validation system.
If you as a webshop would put +all on a SPF, and I got a email, that was stamped as genuine in my email client, and I enter my card number on a website that was linked in said email to correct an order, I would held you accountable for every loss of money on that credit card, since you certified the email as genuine, and affirmately told me (or my computer system), by publishing a +all SPF, that I should trust that email to 100%. +all in SPF, ergo a harmful action, may however have its usage in certain situations, for example development or testing or SPF validation systems or similar. But then it SHOULD be done from specific test domains, like dev.testing.example.com where example.com is your domain, so its clear, from someone that receives a email from said domain, that they SHOULD NOT trust it for anything. Från: Hans-Martin Mosner via mailop <mailop@mailop.org> Skickat: den 8 juli 2023 09:27 Till: mailop@mailop.org Ämne: [mailop] SPF +all considered harmful Most likely none of you would consider adding +all to an SPF record a smart move, here's another reason why you shouldn't do it: Google cloud services are being used to spam (ongoing for a long time, Google doesn't seem to care). What I noticed today is that the spammer is using domains with SPF +all as sender and HELO domains, presumably hoping to avoid SPF based rejections or quarantine. This might lead to bad reputation for the domains involved... Cheers, Hans-Martin
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
