On Fri, 13 Mar 2009 14:31:17 +0100 Kai Schaetzl <mailli...@conactive.com> wrote:
> Rw wrote on Thu, 12 Mar 2009 13:59:56 +0000: > > > You get the neutral result if you don't get a match in any of the > > terms, so wont adding ~all or -all on the end, simply turn neutral > > into [soft]fail. > > No. I assume you get that neutral because of ~all. And you get that > ~all because it is the default in case it's missing. -all is *very* > different from that. According to RFC 4408: If none of the mechanisms match and there is no "redirect" modifier, then the check_host() returns a result of "Neutral", just as if "?all" were specified as the last directive. There are two distinct problems here. One is that the spf record was not producing a proper fail on servers that aren't authorised to send, the other is that his local mail is not passing the spf test and causing FPs. My point was that just fixing the first problem is likely to exacerbate the second since neutral scores less than softfail.
