1

I was looking at how various sites have their SPF records set, and found a site whose SPF record ends with +all.

This seems to be a bad idea, and spf-all says the following about the matter:

+all Pass The email is never a forgery. This option should not be used.

Yet I cannot find anything in the RFC that says this is banned, so it appears to be a valid record.

Is this a valid record? And if so, would most spam filters treat this as an indication to raise the required level of spamminess of a message from this domain before it is treated as spam, or would it simply ignore the record, or count it against the domain?

jrtapsell
  • 1
    Possible duplicate of [What are SPF records, and how do I configure them?](https://serverfault.com/questions/369460/what-are-spf-records-and-how-do-i-configure-them) – Jenny D Jun 29 '18 at 15:13
  • 1
    @JennyD That question is about SPF in general, this asks about a specific case, I'd have thought that makes it not a duplicate – jrtapsell Jun 29 '18 at 15:16
  • It's a duplicate for two reasons. First, it does contain the answer to your specific question. Second, it's a [canonical question](http://meta.serverfault.com/questions/1986/what-are-the-canonical-answers-weve-discovered-over-the-years), meaning that it's the last word on that topic. – Jenny D Jun 30 '18 at 11:02
  • 1
    The only specific reference I could find to +all in the 2 answers is `and +all is an abomination.`, there are a few instances where it is mentioned coincidentally, but not the rationale behind it not being banned, or how it can be used for good. I agree that a question on setting up SPF would be a duplicate of the canonical, but if all SPF questions fall under the canonical question then should the tag be [burninated](https://meta.stackexchange.com/questions/120640/what-does-it-mean-to-burninate-a-tag)? – jrtapsell Jun 30 '18 at 20:54

1 Answer

4

SPF is defined in RFC 7208.

The "all" keyword is defined as such:

5.1. "all"

all = "all"

The "all" mechanism is a test that always matches. It is used as the rightmost mechanism in a record to provide an explicit default.

For example:

 v=spf1 a mx -all

Mechanisms after "all" will never be tested. Mechanisms listed after "all" MUST be ignored. Any "redirect" modifier (Section 6.1) MUST be ignored when there is an "all" mechanism in the record, regardless of the relative ordering of the terms.

You even have this example:

v=spf1 +all

  -- any <ip> passes

or

example.com.           SPF  ( "v=spf1 "
                              "-include:ip4._spf.%{d} "
                              "-include:ptr._spf.%{d} "
                              "+all" )
ip4._spf.example.com.  SPF  "v=spf1 -ip4:192.0.2.0/24 +all"
ptr._spf.example.com.  SPF  "v=spf1 -ptr +all"

This example shows how the "-include" mechanism can be useful, how an
SPF record that ends in "+all" can be very restrictive, and the use
of De Morgan's Law.

So +all is useful, and certainly not banned.

As for spam filters, it is difficult to say how they treat it; this is a local policy configuration.

Patrick Mevzek
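The two RFC examples quoted in the answer above can be traced with a small evaluator. This is an added example, not part of the original answer or of any SPF library: it models only the `all`, `ip4`, `ptr` and `include` mechanisms, and the `plusall.example` domain, the `PTR_OK` set and the sample IP addresses are constructed assumptions standing in for real DNS lookups.

```python
import ipaddress

# Constructed zone data: the records quoted from the RFC above, plus a bare "+all" domain.
RECORDS = {
    "plusall.example": "v=spf1 +all",
    "example.com": "v=spf1 -include:ip4._spf.%{d} -include:ptr._spf.%{d} +all",
    "ip4._spf.example.com": "v=spf1 -ip4:192.0.2.0/24 +all",
    "ptr._spf.example.com": "v=spf1 -ptr +all",
}
# Assumption: IPs for which the "ptr" mechanism would match (no reverse DNS is performed).
PTR_OK = {"192.0.2.10", "198.51.100.7"}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain):
    """Evaluate a record left to right; the first matching mechanism decides the result."""
    record = RECORDS.get(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULTS else "+"  # default qualifier is "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True  # always matches, so later terms are never tested
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif name == "ptr":
            matched = ip in PTR_OK
        elif name == "include":
            # include matches only when the included record evaluates to "pass"
            matched = check_host(ip, arg.replace("%{d}", domain)) == "pass"
        else:
            raise ValueError(f"mechanism not modelled: {name}")
        if matched:
            return RESULTS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.99", "198.51.100.7", "203.0.113.5"):
        print(ip, check_host(ip, "plusall.example"), check_host(ip, "example.com"))
```

For `plusall.example` every address passes, while for `example.com` only an address that is both inside 192.0.2.0/24 and matched by `ptr` reaches the final `+all`; everything else is caught by one of the `-include` terms and fails.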