On Sat, 21 Aug 2004 12:44:11 -0400, guy wrote
I think "-all" should be required by the SPF spec.
How can anyone trust a domain that can send email from anywhere?
This has been discussed several times already. Here are the three conclusions
that have always been reached:
- SPF provides a way for a sending domain to specify their policy. It does
not (and should not) *require* them to use a specific policy. If someone
wants to specify +all, they should be able to do so (but should accept the
consequences, as well.)
- There are lots of ways to get the same result as +all without actually
saying +all. Trying to eliminate all those cases is problematic.
- Individual receiving sites are free to choose to blacklist domains that are
problematic. If a domain sets +all and, as a result, gets forged a lot by
spammers, they'll tend to find themselves blacklisted.