Am 04.02.2016 um 19:17 schrieb David Jones:
Google is telling all of their mail customers to add DMARC DNS records to block spoofing of their own domainsbefore Google ist telling somebody something they should better learn the difference between "~" and "-" in a SPF record to make gmail.com at least on envelope-level spoofing protectedi high percentage of spam here would not only have been flagged but outright rejected if they would do their own homeworkYou must not understand why Google promotes the ~all over the -all. The problem is most people don't know all of the legit sources of email for their domain so it's dangerous to use -all if you aren't 100 percent sure that all of your senders are covered in your SPF record.
which people don't know this? admins? don't maintain services then! users?just use the SMTP server your mailprovider tells you and no other one and for smtp-admins: just don't accept enevlope senders for which you would not accept incoming mail
that is as easy as something can be
For Google and myself, it's better to tell everyone to use ~all and SOFT FAIL the SPF check to put the message into the Spam folder than to have mail bounced. The ~all is also the best way currently to handle the forwarding problem mentioned by Alan Hodgson. SRS has it's own problems
oh yeah a great way to not realize why some mails don't reach senders and others pass through instead get a clear SPF reject and learn which is your submission servers
score SPF_SOFTFAIL 0 0.972 0 0.665
signature.asc
Description: OpenPGP digital signature
