SPF ?all


The most read post on the blog is Authenticating with SPF: -all or ~all. In fact, it’s in the top 5 posts every single day. We still get comments on it, too. Usually from folks who disagree with my recommendations.
I still stand by my recommendations, though. It doesn’t really matter if you choose ~all or -all in your SPF records. Why? No major provider is rejecting mail solely because of a SPF fail. They may bulk the mail, but they won’t reject it. That’s why, in a deliverability context, it doesn’t matter which one you choose.
My one rule for SPF is never use ?all. Just. No. In the spec, ?all is “testing” mode. But it really is a signifier that the person who put the SPF record together doesn’t know what they’re doing. Unless they really are testing, but even then you shouldn’t see ?all on records for weeks or months.
~ or – never ?

About the author


This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Agree with Laura because if my memory serves me right, both Micro, Goggles, Yahoo and AOL who were on a panel at MAAWG 36 all said reputation of the domain also plays a part in the decision making process of whether to accept or reject or bulk. Filtering would be easy if it was solely based on authentication.

  • Remember, if you’re using the latest and greatest in authentication – ~ or ? doesn’t really matter as only a SPF PASS will make your email DMARC SPF aligned.

By laura

Recent Posts


Follow Us