What makes you think you'd go over the limit if you haven't done the discovery? You might be surprised that you may not exceed the lookup count, as with optimization/analysis and proper SPF design (even without flattening), the lookup count can be quite easily managed. This sounds like a prime candidate for your mail source discovery with DMARC reporting <https://dmarcvendors.com>.

Using ?all (neutral) might be best for deliverability's sake while you build out this SPF record during discovery. This would have the same effect as your current scenario of having no SPF record, while still allowing for positive matches of your legitimate known mail-flow until you get to a point you move to ~all.

- Mark Alley

On 1/11/2023 7:08 AM, Simon Burke via mailop wrote:
All,

This is an odd scenario, but sadly one I find myself in.

Work is a large organisation, and currently does not have an SPF record. The reason is that there are a large (and unknown) number of internal and external parties that send mail on our domain, as well as sub-domains.

So, even if we do determine who sends email on the domain, we would then have an issue with max lookups and record length.

I know we can use an SPF flattening service. However that either has a cost. Or, although we can develop something in house, there's a 'bought not built' ethos being pushed by management.

As an out the box idea, what would the potential impact be of having an SPF record stating just:

"V=spf1 a mx +all"

How bad of an idea would this be? If we also had a DMARC record set to either quarantine or reject.

Regards,

Simon






_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

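An added example, not part of either message: a small offline auditor for the two things this thread turns on, the count of DNS-querying SPF terms across nested includes (RFC 7208 caps it at 10) and the qualifier on `all`. The `ZONE` data and every name in it are constructed placeholders, and a real check would fetch the TXT records from DNS instead.

```python
import re

# Constructed TXT records standing in for live DNS; every name is a placeholder.
ZONE = {
    "example.org": "v=spf1 a mx include:_spf.mail.example.net include:bulk.example.com ?all",
    "_spf.mail.example.net": "v=spf1 ip4:192.0.2.0/24 include:_netblocks.example.net ~all",
    "_netblocks.example.net": "v=spf1 ip4:198.51.100.0/24 ~all",
    "bulk.example.com": "v=spf1 exists:%{i}.bl.example.com -all",
    "corp.example": "V=spf1 a mx +all",   # the record proposed in the thread
}
# Terms that cost a DNS query (RFC 7208 section 4.6.4); ip4, ip6 and all are free.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
LIMIT = 10
ALL_RESULT = {"+": "pass", "?": "neutral", "~": "softfail", "-": "fail"}

def parse(record):
    """Yield (qualifier, name, value) for each term after the version tag."""
    for term in record.split()[1:]:
        qualifier = "+"                      # default qualifier when none is written
        if term[0] in "+-?~":
            qualifier, term = term[0], term[1:]
        name, _, value = re.match(r"([^:=/]+)([:=]?)(.*)", term).groups()
        yield qualifier, name.lower(), value

def count_lookups(domain, zone, path=()):
    """Count DNS-querying terms reachable from domain via include/redirect."""
    if domain in path:                       # include loop: stop recursing
        return 0
    total = 0
    for _, name, value in parse(zone.get(domain, "v=spf1")):
        if name in LOOKUP_TERMS:
            total += 1
            if name in ("include", "redirect"):
                total += count_lookups(value.lower(), zone, path + (domain,))
    return total

def audit(domain, zone=ZONE):
    """Summarise the lookup budget and the result a non-matching sender gets."""
    lookups = count_lookups(domain, zone)
    all_q = next((q for q, n, _ in parse(zone[domain]) if n == "all"), None)
    return {"lookups": lookups, "over_limit": lookups > LIMIT,
            "all": all_q, "all_result": ALL_RESULT.get(all_q, "neutral")}

if __name__ == "__main__":
    for d in ("example.org", "corp.example"):
        print(d, audit(d))
```

The per-`mx` and void-lookup sub-limits in RFC 7208 are not modelled here; only the overall count of 10 is checked.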