On Wed, 24 Jan 2018 16:26:58 -0600 David Jones wrote: > On 01/24/2018 04:00 PM, Vincent Fox wrote:
> > However, look at all the major providers with messed up records and > > neutral or soft fail. They should have the most resources to > > accomplish this and the most incentives to list all their > > netblocks and set to hard fail. > > > > > > Google is soft fail. > > Hotmail is soft fail. And Yahoo has the strongest DMARC policy and the weakest SPF policy. > There is nothing wrong with stopping a soft fail if that is what they > want to do. In fact, most people should stop at soft fail unless > they really know what they are doing or they are a major brand with a > high risk spoofing. There's more to it than that. All of the above use DMARC and if you use -all in combination with DMARC you are allowing the SPF result (which is only one component of DMARC) and SPF's legacy policy mechanism to overide both the DMARC result and the DMARC policy. The DMARC RFC has a warning about this.
