On Sat 08/Jul/2023 11:47:41 +0200 Sebastian Nielsen via mailop wrote:
I would say +all is always harmful. The difference between having +all and not having any at all (or ?all) is that you affirmately, by using +all, tell the system the email is genuine. If you somehow want to treat all emails as “unspecified” or “unknown”, ergo don’t want to reject, but you want to still have a SPF so you don’t get sent to spam folder for not having a SPF, you can use ?all to force a “neither genuine or fake” result that should be treated as no SPF at all in the actual validation system.
You need +all if you're after dmarc=pass.
If you as a webshop would put +all on a SPF, and I got a email, that was stamped as genuine in my email client, and I enter my card number on a website that was linked in said email to correct an order, I would held you accountable for every loss of money on that credit card, since you certified the email as genuine, and affirmately told me (or my computer system), by publishing a +all SPF, that I should trust that email to 100%.
Did any reimbursement claim ever succeed?
+all in SPF, ergo a harmful action, may however have its usage in certain situations, for example development or testing or SPF validation systems or similar.
It is used in alumni and similar sites. E.g. member.fsf.org. Best Ale -- _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
