1 Aug
2013
1 Aug
'13
8:43 a.m.
"On Thu, Aug 1, 2013 at 9:00 AM, Phil Stewart wrote:
On 30/07/2013 18:21, Jan Henkins wrote:
I agree that +all seems rather pointless - sounds like ticking the SPF
box at best.
But both ~all and ?all are being actively used, by domains such as
paypal.com, linkedin.com and google.com - three domains that are very
prominent victims of from-address spoofing.
In theory, the ability of SPF to tell recipients that they can safely
drop all email claiming to come from your domain that doesn't come
from a handful of listed IP addresses sounds great - and it that
context ?all and ~all seem pointless for anything but testing.
In practise, it turns out to be pretty hard to know which addresses
email is being sent from from. Which is why ~all ("anything received
from IP addresses not listed probably didn't come from us, but we
can't be sure") and ?all ("we can't say anything about email received
from IP addresses not listed") come in handy.
SPF is mostly used in scoring - that's probably the reason behind the
odd behaviour noticed by the OP. ?all and ~all allow a receiving spam
filter to slightly reduce the spam score for emails received from
listed IP addresses, without having it drop anything else.
Martijn.
You also have "~all" which is a
soft-fail (handy for
testing, but pointless for production), and "?all" which is neutral
(utterly pointless IMHO).
If you think that's bad, then consider that there are a significantly
non-zero number of domains that actually explicitly use +all, which as far
as I'm concerned is tantamount to declaring 'all spammers in the world may
use my domain freely'.