John Keown wrote:
The only reason for an unlimited spf record is laziness.
Um, no. We are not our clients' connectiviy provider. They need to be
able to send using their identity that we provide. Their connectivity
providers resort to various methods, like port blocking, that keep them
from using our SMTP server for submission. (My employer, for example,
doesn't just block port 25 -- they block *every* port exect for 80, 443,
and a handful of others.) They need to be free to change connectivity
providers without telling us. So they *must* be free to send mail using
a domain for which we're responsible using any IP address in the world.