You're not wrong. I would only say that perhaps this makes -all harmless versus something one truly needs to worry about or avoid.
There's a lot of past, quite possibly bogus, guidance where we were all pushed as ESP senders to implement -all, given the impression that once upon a time it provided an indirect deliverability boost in some places. Inertia is strong. I still personally want -all for myself, because I think there are possibly a lot of third or fourth tier smaller ISPs, and hobbyists, and non-US ISPs, that perhaps have SPF support but aren't there with DMARC yet.

Cheers,
Al Iverson

On Thu, Dec 14, 2017 at 5:28 PM, Brandon Long <bl...@google.com> wrote:
> My point is that -all is policy, and most people ignore the policy portions
> of SPF because it completely fails a lot of forwarding cases.
>
> -all is asking receivers to reject mail that doesn't pass.
>
> ~all isn't policy.
>
> In practice, very few receivers implement SPF policy (except -all by itself
> for domains which don't send mail as a special case).
>
> Maybe there are some smaller receivers who will pay attention to it, but
> you're almost certainly going to get more false positives from them than
> real positives. And you won't even notice.
>
> If you want policy, use DMARC, it's what it's there for, and these things
> are considered. As much as DMARC rightly gets pushback for the parts of
> forwarding it fails at, it's definitely more useful for policy goals, and
> has much wider adoption.
>
> DKIM, for example, explicitly says that a DKIM fail means nothing. Which
> doesn't prevent folks from rejecting messages with broken DKIM signatures,
> probably the same folks who follow -all.
>
> Brandon
>
>
> On Thu, Dec 14, 2017 at 12:17 PM Al Iverson <aiver...@wombatmail.com> wrote:
>>
>> On Thu, Dec 14, 2017 at 2:14 PM, Brandon Long via mailop
>> <mailop@mailop.org> wrote:
>> >
>> > On Thu, Dec 14, 2017 at 11:09 AM Jim Popovitch <jim...@gmail.com> wrote:
>> >>
>> >> On Thu, Dec 14, 2017 at 11:33 AM, Vladimir Dubrovin via mailop
>> >> <mailop@mailop.org> wrote:
>> >> >
>> >> > In fact, you should not use "-all" for your mail domain if you care
>> >> > about deliverability.
>> >>
>> >> FALSE! (Also, you should not randomly add CC recipients to the same
>> >> mailing list that you are responding to)
>> >>
>> >> Aside from a few HUGE providers, those with very large and disparate
>> >> networks/offices/topology....
>> >>
>> >> -all means that the domain operator knows what they are doing, knows
>> >> what their network consists of and how email is routed within their
>> >> network. It further states that the -all publisher has committed to
>> >> staying abreast of what happens in their environment in order to
>> >> assure their IP space is properly routing email. It instills
>> >> confidence.
>> >>
>> >> ~all is just plain lazy, and is akin to saying that you don't have
>> >> confidence in your ability to own and control your own network; and
>> >> you want others to spend some level of time/money (in the form of CPU
>> >> cycles) analyzing email emitted from your network to determine its
>> >> suitability for deliverability.
>> >
>> > Or, it acknowledges the fact that the people you send mail to may
>> > forward that mail, and trying to control that is silly.
>>
>> Yeah, but a fail doesn't magically turn into a pass if you turn -all into
>> ~all.
>>
>> I don't think either is a universal use case, but I see good reasons
>> for both ways and it depends on what type of company and mail sender
>> you are. For me, I think -all makes a lot of sense for marketing
>> senders and folks really worried about phishing/spoofing. And I see
>> lots of -all mail get forwarded just fine, thanks to, for example, the
>> fine folks at Google who write the return path when forwarding. :)
>>
>> Old school forwarding is still a pain even if you pull SPF out of the
>> equation, no?
>>
>> Cheers,
>> Al
>>
>> --
>> al iverson // wombatmail // miami
>> http://www.aliverson.com
>> http://www.spamresource.com
>>
>> _______________________________________________
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

--
al iverson // wombatmail // miami
http://www.aliverson.com
http://www.spamresource.com
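
The distinction argued in this thread, shown as an added Python example (not code from any participant or from a real receiver). It reads the `all` term of an SPF record and models, as an assumption, the receiver behaviour Brandon describes: SPF policy is ignored except for a bare `v=spf1 -all`, and DMARC decides otherwise. The sample records, `parse_all`, `receiver_action` and their parameters are constructed for illustration.

```python
# Added example; records, function names and parameters are constructed.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_all(record):
    """Return (qualifier, result, only_all) for the record's "all" term.

    qualifier and result are None if there is no "all" term. only_all is
    True for a record such as "v=spf1 -all" (a domain that sends no mail).
    """
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = terms[1:]
    for term in terms:
        name, qualifier = term.lower(), "+"  # "+" is the default qualifier
        if name[0] in QUALIFIER_RESULT:
            qualifier, name = name[0], name[1:]
        if name == "all":
            return qualifier, QUALIFIER_RESULT[qualifier], len(terms) == 1
    return None, None, False


def receiver_action(record, spf_pass, dkim_aligned_pass,
                    dmarc_policy="none", enforce_spf_policy=False):
    """Assumed receiver model, following the behaviour described in the thread.

    spf_pass is treated as an aligned SPF pass for the DMARC check.
    enforce_spf_policy=True models a receiver that rejects on any -all fail.
    """
    qualifier, _, only_all = parse_all(record)
    if qualifier == "-" and only_all:
        return "reject"  # special case: domain publishes that it sends no mail
    if enforce_spf_policy and qualifier == "-" and not spf_pass:
        return "reject"  # honours SPF policy; also hits forwarded mail
    if not (spf_pass or dkim_aligned_pass) and dmarc_policy in ("quarantine", "reject"):
        return dmarc_policy  # DMARC fails only when neither check passes
    return "accept"


if __name__ == "__main__":
    sender = "v=spf1 ip4:192.0.2.0/24 -all"  # constructed record
    # Forwarded message: SPF no longer passes, the DKIM signature still does.
    print(receiver_action(sender, False, True, "reject"))        # accept
    print(receiver_action(sender, False, True, "reject", True))  # reject
```

The two results differ only in whether the receiver enforces SPF policy, which is the false-positive case for forwarded mail raised in the thread.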