Confused about SPF Records
I thought that ?all in SPF should not be used.
Then I examined the SPF records of some local email provider companies and I found this:
v=spf1 mx ip4:77.75.78.0/23 ip4:77.75.76.0/23 ip6:2a02:598::/32 ?all
Isn't this basically saying to mark failed SPF as Neutral, therefore letting basically everyone send emails on behalf of that domain?
Their DMARC is set like this:
v=DMARC1; p=none; rua=mailto:[email protected]
Again, isn't this saying to do nothing when DMARC fails?
Then there is the company I'm working in. Their SPF record is like this:
v=spf1 mx a:xxx.xxx.xxx a:xxx2.xxx.xxx include:protection.outlook.com include:spf.xxx.xxx ?all
Do the includes overwrite the final ?all? Again, doesn't this say to mark everything as Neutral?
What's the actual use case of ?all in SPF records?
In principle you are right, an SPF softfail was intended to be a temporary setting for just testing of the setup. After testing it was recommended to be changed into the hard fail mode, where the record is set to end with -all.
But it seems everybody is frightened to lose some spam or simply is not self-confident. Many people chose to leave it in the softfail setting.
The same seems to be the case with DMARC. The policy none does nothing. If you want your DMARC to be really effective, use the reject or quarantine policy. Then compliant servers will refuse to accept and deliver a mail which claims to be from your domain but in reality is not yours.
To some extent this is alleviated by the fact that there are sophisticated spam filters, which still consider SPF and DMARC results and pessimize the score of mail which failed the tests. SPF softfail and others are considered together with body statistical analysis, blacklist queries and so on, and together they tend to lower the score of spam so severely that it nevertheless ends up in spam, or, conversely, correct SPF and/or DKIM depessimizes innocent mails, making them look less spammy. So even DMARC p=none and SPF ~all or ?all are still doing some good, by increasing the "innocence" of good mail instead of pessimizing "bad" ones.