homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

SPF record: -all or ~all

 8:36 pm on Jul 11, 2010 (gmt 0)

I'm trying to improve delivery of automated emails from a phpBB forum. I've set up a SPF record in the DNS which looks like this:

v=spf1 include:_spf.google.com include:example.com ~all

(Google Apps is for regular email, and example.com refers to the hosting company's SPF records for the automated emails.)

Google recommends [google.com] using
~all instead of -all to avoid "delivery problems", but doesn't go into details. In my case, I know that the only servers that will be used are the Google ones or my server - I don't have any users for this domain.

So should I use
-all instead? In anyone's experience, is it better to FAIL or SOFTFAIL when using SPF records?



 1:24 am on Jul 12, 2010 (gmt 0)

I use -all on some domains, but not on all. The problem is that you don't always know which server will send legitimate emails with your email address as source address.

A number of online systems like forums, webshops, mailinglists etc send notification emails where the address you used to sign up is used as the From: address. Those emails may get lost if you use the -all setting because they are sent from servers whose IP address is not in your SPF record. If you are never using a domain to sign up to sites which send messages on your behalf, it is safe to use -all in the SPF record of that domain.


 12:51 am on Jul 13, 2010 (gmt 0)

Thanks for the reply lammert - it sounds as if using
-all will be safe in my situation, as apart from the automated emails, the domain's email addresses are mostly used for receiving and not sending.

I have a supplementary question specifically relating to Hotmail delivery - what's the current situation with Sender ID? Would it be a good idea to create a dedicated TXT record in the Sender ID format for Hotmail, or should the SPF record suffice?


 3:36 am on Jul 19, 2010 (gmt 0)

There has been no harm in doing both IMHO. My testing (RedHat Linux w cPanel) has shown it helps delivery to AOL where the client IP (mail client) is in a portable (aka dial-up) range.

Add the true IP of that the email server is bound to as cPanel grabs the IP4 A record of the webserver. Listed as 'Additional Ip blocks for your domains (IP4)'.

The best of the online SPF record checkers is [kitterman.com ] There are others but they give confusing results (IMHO) and/or false errors. openspf.org has lots of backing docs if you are curious.


 4:45 am on Jul 19, 2010 (gmt 0)

In above #4172607 both = SenderID/Domain Keys and SPF.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved