Hallam-Baker, Phillip wrote:
Clearly an SPF record MUST NOT end in -all unless the record
provides an exhaustive list of the approved outgoing email
servers.
Yes, that's why it says SHOULD -all, not MUST -all. It also
covers Greg's more exotic example, where "-include:xyz +all"
exactly did what he wanted.
If we are lucky about 5% of mail admins will read the spec
and 20% the nutshell handbook. The other 75% will just copy
the config from another system.
Sure, it's a world full of morons (that includes you and me),
and some of them are postmasters. The SHOULD -all is also an
incentive why receivers "should" bother to support SPF at all,
without the chance of a FAIL it would be a waste of time from
their POV.
[ Caveat, this issue was declared "off topic" some days ago ]
Bye, Frank