The terms MUST and SHOULD have very particular meaning in standards
documents.
Clearly an SPF record MUST NOT end in -all unless the record provides an
exhaustive list of the approved outgoing email servers.
Clearly the spec provides the greatest advantage if the record is an
exhaustive but this is not always possible.
It would be reasonable to say that mail admins SHOULD attempt to provide an
exhaustive list and hence be able to specify -all. If people are told that
they SHOULD use -all they are going to end up being misled.
There is a big difference between a specification and a standard. The
standard is what people do, the specification is merely an opinion and
advice on what they should do.
Its like herding cats. If we are lucky about 5% of mail admins will read the
spec and 20% the nutshell handbook. The other 75% will just copy the config
from another system.
What we really need is to have code written into sendmail and the other MTAs
so that they check their configuration on startup and report an error if
they have a misconfiguration.
Phill