On 5 Jul 2011, at 12:54, Jan Ingvoldstad wrote: > On Tue, Jul 5, 2011 at 12:31, Ian Eiloart <[email protected]> wrote: > My guess is that Google are allowing senders with SPF passes some slack on > other checks. So, you'd just want to publish a record for example.org. > > On a general basis, I recommend against using SPF, but if one "must" use SPF, > remember to NOT set it restrictively. > > That is: never, ever use "-all" or similar constructs that restrict message > handling to a few hosts, unless you are absolutely certain that messages will > NEVER exit your private/company network.
Actually, "-all" is a great way of saying "this is not an email domain." And ~all is just fine. About half the mail that we accept for delivery has an SPF record for the sender domain, and about 95% of that gets an SPF PASS. It's useful for limited whitelisting of friendly domains, like those of business partners. > Pain ensues if it does. > > -- > Regards, > Jan -- Ian Eiloart Postmaster, University of Sussex +44 (0) 1273 87-3148 -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
