My point is that -all is policy, and most people ignore the policy portions
of SPF because it completely fails a lot of forwarding cases.

-all is asking receivers to reject mail that doesn't pass.

~all isn't policy.

In practice, very few receivers implement SPF policy (except -all by itself
for domains which don't send mail as a special case).

Maybe there are some smaller receivers who will pay attention to it, but
you're almost certainly going to get more false positives from them than
real positives.  And you won't even notice.

If you want policy, use DMARC, it's what it's there for, and these things
are considered.  As much as DMARC rightly gets pushback for the parts of
forwarding it fails at, it's definitely more useful for policy goals, and
has much wider adoption.

DKIM, for example, explicitly says that a DKIM fail means nothing.  Which
doesn't prevent folks from rejecting messages with broken DKIM signatures,
probably the same folks who follow -all.

Brandon


On Thu, Dec 14, 2017 at 12:17 PM Al Iverson <aiver...@wombatmail.com> wrote:

> On Thu, Dec 14, 2017 at 2:14 PM, Brandon Long via mailop
> <mailop@mailop.org> wrote:
> >
> > On Thu, Dec 14, 2017 at 11:09 AM Jim Popovitch <jim...@gmail.com> wrote:
> >>
> >> On Thu, Dec 14, 2017 at 11:33 AM, Vladimir Dubrovin via mailop
> >> <mailop@mailop.org> wrote:
> >> >
> >> > In fact, you should not use "-all" for your mail domain if you care
> >> > about deliverability.
> >>
> >> FALSE!  (Also, you should not randomly add CC recipients to the same
> >> mailinglist that you are responding to)
> >>
> >> Aside from a few HUGE providers, those with very large and disparate
> >> networks/offices/topology....
> >>
> >> -all means that the domain operator knows what they are doing, knows
> >> what their network consists of and how email is routed within their
> >> network.  It further states that the -all publisher has committed to
> >> staying abreast of what happens in their environment in order to
> >> assure their IP space is properly routing email.  It instills
> >> confidence.
> >>
> >> ~all is just plain lazy, and is akin to saying that you don't have
> >> confidence in your ability to own and control your own network; and
> >> you want others to spend some level of time/money (in the form of CPU
> >> cycles) analyzing email emitted from your network to determine its
> >> suitability for deliverability.
> >
> > Or, it acknowledges the fact that the people you send mail to may forward
> > that mail, and trying to control that is silly.
>
> Yeah, but a fail doesn't magically turn into a pass if you turn -all into
> ~all.
>
> I don't think either is a universal use case, but I see good reasons
> for both ways and it depends on what type of company and mail sender
> you are. For me, I think -all makes a lot of sense for marketing
> senders and folks really worried about phishing/spoofing. And I see
> lots of -all mail get forwarded just fine, thanks to, for example, the
> fine folks at Google who write the return path when forwarding. :)
>
> Old school forwarding is still a pain even if you pull SPF out of the
> equation, no?
>
> Cheers,
> Al
>
> --
> al iverson // wombatmail // miami
> http://www.aliverson.com
> http://www.spamresource.com
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
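Added example (not part of the thread or written by any of its participants): a small Python check that reads a domain's published SPF and DMARC TXT strings and reports what each one asks of receivers, following the distinctions drawn in the message at the top (-all, ~all, the bare "v=spf1 -all" of a non-sending domain, and DMARC as the policy channel). The function names and sample records are constructed for illustration, and no DNS lookups are made.

```python
# Added illustration; records below are constructed samples, not real domains' data.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_all(record):
    """Return (result for senders matching nothing else, is_null_record)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    # Modifiers (redirect=, exp=) contain "="; mechanisms do not.
    mechanisms = [t for t in terms[1:] if "=" not in t]
    for i, term in enumerate(mechanisms):
        qualifier, name = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if name.lower() == "all":
            # Anything after "all" is never evaluated (RFC 7208 section 5.1).
            # "-all" as the only mechanism is the "sends no mail" special case.
            return QUALIFIERS[qualifier], (i == 0 and qualifier == "-")
    # No "all": default result is neutral (this sketch does not follow redirect=).
    return "neutral", False

def dmarc_tags(record):
    """Parse 'v=DMARC1; p=reject; ...' into a dict of lower-cased tag names."""
    pairs = (part.strip().split("=", 1) for part in record.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def posture(spf_record, dmarc_record=None):
    """Summarise what the published records request from receivers."""
    result, null_spf = spf_all(spf_record)
    policy = dmarc_tags(dmarc_record).get("p") if dmarc_record else None
    return {
        "spf_unmatched_result": result,
        "null_spf": null_spf,
        "spf_requests_rejection": result == "fail",
        "dmarc_policy": policy,
        "dmarc_requests_enforcement": policy in ("quarantine", "reject"),
    }

if __name__ == "__main__":
    samples = [  # constructed records
        ("v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all", None),
        ("v=spf1 ip4:192.0.2.0/24 ~all", "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
        ("v=spf1 -all", "v=DMARC1; p=reject"),
    ]
    for spf, dmarc in samples:
        print(spf, "|", dmarc, "->", posture(spf, dmarc))
```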