SPF ?all

The most read post on the blog is Authenticating with SPF: -all or ~all. In fact, it’s in the top 5 posts every single day. We still get comments on it, too. Usually from folks who disagree with my recommendations.
I still stand by my recommendations, though. It doesn’t really matter if you choose ~all or -all in your SPF records. Why? No major provider is rejecting mail solely because of a SPF fail. They may bulk the mail, but they won’t reject it. That’s why, in a deliverability context, it doesn’t matter which one you choose.
My one rule for SPF is never use ?all. Just. No. In the spec, ?all is “testing” mode. But it really is a signifier that the person who put the SPF record together doesn’t know what they’re doing. Unless they really are testing, but even then you shouldn’t see ?all on records for weeks or months.
~ or – never ?


  1. Jacob Evans says

    ? = ignorant admin

  2. Moliverability says

    Agree with Laura because if my memory serves me right, both Micro, Goggles, Yahoo and AOL who were on a panel at MAAWG 36 all said reputation of the domain also plays a part in the decision making process of whether to accept or reject or bulk. Filtering would be easy if it was solely based on authentication.

  3. Henrik Schack says

    Remember, if you’re using the latest and greatest in authentication – ~ or ? doesn’t really matter as only a SPF PASS will make your email DMARC SPF aligned.

  4. Luke says

    Mailchimp are recommending we use ?all… I have been searching around to question that.


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.