It's a bit ironic that today the only spam I got came from
someone forging an EarthLink address. EarthLink is being timid
and placing a "?all" at the end of their SPF record. AOL does
this too. The fallback record does a better job than this.
I'm going to modify "Query.pm" to replace "?all", "~all", and
even "+all" with "-all". The "+all" covers the numbskulls that
want people to send spam using their domain. I could care
less about getting e-mail from people using forwarding
services. If they're someone I know, I'll whitelist them.
This will be much easier than creating an override for every
large domain afraid to put "-all" in their record.