Score:0

Confused about SPF Records

my flag

I thought that ?all in SPF should not be used.

Then I examined SPF records of some local email provider companies and I found this:

`v=spf1 mx ip4:77.75.78.0/23 ip4:77.75.76.0/23 ip6:2a02:598::/32 ?all`

Isn't this basically saying to mark failed SPF as Neutral, therefore letting basically everyone send emails on behalf of that domain?

Their DMARC is set like this:

v=DMARC1; p=none; rua=mailto:[email protected]

Again, isn't this saying to do nothing when DMARC fails?

Then there is the company I'm working in. Their SPF record is like this:

v=spf1 mx a:xxx.xxx.xxx a:xxx2.xxx.xxx include:protection.outlook.com include:spf.xxx.xxx ?all

Do the includes overwrite the final ?all? Again, doesn't this say to mark everything as Neutral?

What's the actual use case of ?all in SPF records?

sebix avatar
ie flag
Does this answer your question? [SPF fail vs. soft-fail pros and cons](https://serverfault.com/questions/933705/spf-fail-vs-soft-fail-pros-and-cons)
Score:2
za flag

In principle you are right, an SPF softfail was intended to be a temporary setting for just testing of the setup. After testing it was recommended to be changed into the hard fail mode, where the record is set to end with -all.

But it seems everybody is frightened to lose some spam or simply is not self-confident. Many people choose to leave it in the softfail setting.

The same seems to be with DMARC. The policy none does nothing. If you want your DMARC to be really effective, use reject or quarantine policy. Then compliant servers will refuse to accept and deliver a mail which claims to be from your domain but in reality it is not yours.

To some extent this is alleviated by the fact that there are sophisticated spam filters, which still consider SPF and DMARC results and pessimize the score of mail which failed the tests. SPF softfail and others are considered together with body statistical analysis, blacklist queries and so on, and together they tend to lower the score of spam so severely that it nevertheless ends up in spam, or, conversely, correct SPF and/or DKIM depessimizes innocent mails, making them look less spammy. So even DMARC p=none and SPF ~all or ?all are still doing some good, by increasing the "innocence" of good mail instead of pessimizing "bad" ones.

my flag
And what about ?all instead of ~all? The settings in the mail provider and my company contain ?all, not ~all.
Nikita Kipriyanov avatar
za flag
The exact receiving system behaviour depends on its setting. I know my systems add zero score in this case, i.e. they register it as "we checked". Others may configure theirs another way. Read my last paragraph, it explains how it could help innocent mail even with this setting.
my flag
Yes, I understand. In my company, I can spoof an email of every employee without getting flagged as spam. So that is bad behaviour of the spam filter system?
Nikita Kipriyanov avatar
za flag
In general, I'd consider this as a mail system deficiency. But which component to blame is not very clear. Maybe not a spam filter, but rather a submission service (the one which receives mail from mail clients, checks usernames and passwords).
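Added example (not part of the original question, answer or comments): a simplified SPF evaluator following RFC 7208's left-to-right rule. It shows that an `include:` only counts as a match when the included record returns pass, so it never replaces the outer record's final `?all`, plus a reader for the DMARC `p=` tag. The domain names and the `company.example`/`relay.example` records are constructed placeholders; `mx` and `a` need live DNS and are treated as non-matching here.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed zone data standing in for DNS TXT lookups (domains are placeholders).
ZONE = {
    "provider.example": "v=spf1 mx ip4:77.75.78.0/23 ip4:77.75.76.0/23 ip6:2a02:598::/32 ?all",
    "company.example": "v=spf1 include:relay.example ?all",
    "relay.example": "v=spf1 ip4:192.0.2.0/24 -all",
}

def check_host(ip, domain, zone=ZONE, depth=0):
    """Simplified RFC 7208 evaluation: the first matching mechanism decides."""
    record = zone.get(domain)
    if record is None:
        return "none"
    if depth > 10:                          # guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:         # skip the "v=spf1" version tag
        qual = QUALIFIERS.get(term[0])
        mech = term[1:] if qual else term
        qual = qual or "pass"               # no qualifier means "+"
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return qual
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return qual
        elif name == "include":
            # An include matches only when the included record returns "pass";
            # its own -all/~all/?all never replaces the outer record's "all".
            if check_host(ip, arg, zone, depth + 1) == "pass":
                return qual
        # mx, a, exists, ptr need live DNS: treated as non-matching in this sketch
    return "neutral"                        # nothing matched: default result

def dmarc_policy(record):
    """Return the requested p= policy from a DMARC record."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p", "none").lower()
```

With these records, an address outside every listed range ends at `?all` and gets `neutral` for both domains, even though the included `relay.example` record ends in `-all`.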