SPF ?all

The most read post on the blog is Authenticating with SPF: -all or ~all. In fact, it’s in the top 5 posts every single day. We still get comments on it, too. Usually from folks who disagree with my recommendations.
I still stand by my recommendations, though. It doesn’t really matter if you choose ~all or -all in your SPF records. Why? No major provider is rejecting mail solely because of a SPF fail. They may bulk the mail, but they won’t reject it. That’s why, in a deliverability context, it doesn’t matter which one you choose.
My one rule for SPF is never use ?all. Just. No. In the spec, ?all is “testing” mode. But it really is a signifier that the person who put the SPF record together doesn’t know what they’re doing. Unless they really are testing, but even then you shouldn’t see ?all on records for weeks or months.
~ or – never ?

Related Posts

Should you publish DMARC?

secure_email_blogI’ve been hearing a lot lately about DMARC. Being at M3AAWG has increased that. Last night we were at dinner and heard from the next table “And they’re not even publishing DMARC!!!!”
I know DMARC is the future. I know folks are going to have to start publishing DMARC records. I also know that the protocol is the future. I am also not sure that most companies are ready for DMARC.
So lets take a step back and talk about DMARC, what it is and why I’m still a little hesitant to jump on the PUBLISH DMARC NOW!! bandwagon.

Read More

Don't just follow the HOWTO

speakingIconForBlogThere are so many moving parts to ensure good email deliverability. Email marketers need to know marketing, they need to know email and they need to know design. The technical bits of email can be a challenge to learn, and many folks who write tutorials and How-Tos write them for a different audience than marketers.
One of the things I’m trying to do is demystify the technical end of email for marketers. Today I talked about authentication in the Only Influencers newsletter. Check it out!
Understanding the technical: Authentication
Authentication in general

Read More

Check your tech

One of the things we do for just about every new client coming into WttW is have them send us an email from their bulk mail system. We then check it for technical correctness. This includes things like reviewing all the different From headers, rDNS of the connecting IP, List-Unsubscribe headers and authentication. This is always useful, IMO, because we often find things that were right when they were set up, but due to other changes at the customer they’re not 100% correct any more.
This happens to most of us. Even a company as small as Word to the Wise misses a rDNS update here or a hostname change update there when making infrastructure changes. That’s even when the same people know about email and are responsible for the infrastructure.
One of the most common problems we see is a SPF record that has accumulated include: files from previous providers. There are a couple reasons for this. One is the fact that SPF is set up while still at the old provider in anticipation of moving to the new provider. Once the move is made no one goes back to clean up the SPF record and remove the old entries. The other reason is that a lot of tech folks don’t like to delete things. Deleting things can lead to problems, and there’s no harm in a little extra in the SPF record. Except, eventually, there are so many include files that the lookup fails.
Every mailer should schedule a regular tech audit for their mail. Things change and sometimes in the midst of chance we don’t always catch some of the little details.

Read More