That is, if something is wrong, things should fall back to the way
it
would be if there was no SPF record published.
Should it? If something is designed to be fail-safe, that could also
mean the exact opposite.
Exactly my words. For me, it would be a definite failure of the system
if the receiver says "unknown" if someone forges my e-mail address. The
spec says: "If a loop is detected, enable forgeries".
This is a very bad example of error handling. Try to imagine a firewall
that works the same way as SPF does now: If some kind of
misconfiguration happens, open up all ports, disable virus scanning and
filtering, in order to ensure that all traffic passes. It surely keeps
the network connection up, but would you buy it?
Lars.