1

http://www.google.com/support/a/bin/answer.py?answer=178723

How to properly set up my mailservers DNS record? I mean is it good to only set a:

v=spf1 include:_spf.google.com ~all

or is it better to:

v=spf1 include:_spf.google.com ?all
user48838
  • 7,393
  • 2
  • 17
  • 14
LanceBaynes
  • 2,907
  • 9
  • 27
  • 31

2 Answers2

6

I'm aware this question has been answered, and the answer accepted, but I'll put my line in the sand anyway for future readers.

In my opinion, both ~all and ?all are wrong. As a mail server admin, they are both useless to me, and I give no preference to mail that satisfies either of those records. The only meaningful use of SPF is to say which hosts aren't allowed to send mail from your domain by listing those which are, and then removing permission from all others with the -all record.

If you're going to the trouble of setting up SPF records, please, please itemise the addresses that can send email from you, and interdict all the others. If you go to that trouble, then I'll have genuine interest in email which both claims to be from your domain and comes from the handful of hosts that you have permitted to send mail from you.

MadHatter
  • 78,442
  • 20
  • 178
  • 229
  • The only legitimate reason to use either of those is in testing your spf record. The documentation for SPF at openspf.org translates v=spf1 +all as *The domain owner thinks that SPF is useless and/or doesn't care.* :-) – dunxd Sep 25 '11 at 21:36
  • 1
    +1 Could not agree more. Don't half-a## it! – Chris S Sep 25 '11 at 21:37
3

"?all" basically means no test. If you are required to setup a SPF, but do not want any actual impact, then the "?all" will accomplish that.

user48838
  • 7,393
  • 2
  • 17
  • 14