
This seems obvious or something I just don't understand.

I want to build SPF records for my clients. Most of the email providers provide an SPF record that I can "include" in mine, but they all include ~all or -all at the end.

Does this mean that their "include" always has a match and therefore everything after is not looked at? I think this causes trouble for clients that send valid emails using two services or use some form of email forwarding (ex: their registrar provided email + gmail.)

Waivej

1 Answer

The include directive ignores terminal alls of any kind, as the project's page on the record syntax makes (fairly) clear:

In hindsight, the name "include" was poorly chosen. Only the evaluated result of the referenced SPF record is used, rather than acting as if the referenced SPF record was literally included in the first. For example, evaluating a "-all" directive in the referenced record does not terminate the overall processing and does not necessarily result in an overall Fail. (Better names for this mechanism would have been "if-pass", "on-pass", etc.)

You will still need to terminate your SPF record, however many other organisations' records it includes, with your own -all (and may I urge you use -all, not ~all or ?all, as the latter two make SPF completely pointless?).

MadHatter
  • +1 and some servers give your mail a higher spam rank when they hit a "~all" or "?all" (the server I control for starters) because the admin who set them up obviously didn't know what they were doing. =] – Chris S Mar 28 '12 at 17:13
  • Waivej, thank you for that. If you'll forgive me, local etiquette is that when you're happy with an answer, you accept it by clicking the tick outline next to it, which drives the SF reputation system for both of us, and prevents the question from constantly bobbing around in the "no accepted answer" pile. My apologies if you already know this. – MadHatter Mar 28 '12 at 21:19
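
The include behaviour described in the answer above, as an added example that is not part of the original posts: a minimal Python evaluator for a subset of SPF (ip4, include, all) run over constructed records. The domain names and addresses are assumptions (reserved example names and documentation ranges), and no DNS is queried.

```python
import ipaddress

# Constructed sample records: a client domain that sends through two providers.
RECORDS = {
    "client.example": "v=spf1 include:_spf.provider-a.example "
                      "include:_spf.provider-b.example -all",
    "_spf.provider-a.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "_spf.provider-b.example": "v=spf1 ip4:198.51.100.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=RECORDS, depth=0):
    """Evaluate ip against domain's record; only ip4, include and all are handled."""
    if depth > 10:  # crude loop guard; real SPF caps DNS-querying terms at 10
        return "permerror"
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(term[4:])
        elif term.startswith("include:"):
            inner = check_host(ip, term[8:], records, depth + 1)
            if inner in ("permerror", "temperror"):
                return inner
            if inner == "none":  # an include target with no record is an error
                return "permerror"
            # Only an inner "pass" matches; the inner -all / ~all result is
            # discarded and evaluation moves on to the next term.
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no term matched and no terminal "all"


if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(addr, check_host(addr, "client.example"))
```

The second address passes even though provider A's record ends in -all, and the third gets fail from the client's own -all rather than softfail from provider B's ~all.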