by medmunds 3656 days ago
If you use DMARC with a reject or quarantine policy, SPF hardfail ("-all") can prevent recipients from successfully forwarding mail you've sent them.

Some best practices for DKIM, SPF, and DMARC (as of mid-2015) in [1], including this:

> ...when an organization publishes p=reject [in DMARC], they should simultaneously change their SPF hard fail to SPF soft fail. ... A message that passes SPF and is forwarded will fail SPF. If a message hard fails SPF it will probably be marked as spam but if it soft fails, it will most likely still be accepted by the recipient. This forwarding failure possibility is why most organizations publish a soft fail record.

[1]: https://blogs.msdn.microsoft.com/tzink/2015/07/12/what-is-th...

1 comments

Interesting note about DMARC, but still, if you're concerned about breaking forwarding for your domain, then why bother using SPF at all? I still don't see the benefit of setting up ~all rules.

I believe that DMARC requires SPF. Since I want DMARC, I need to provide a compatible SPF, which means ~all.

(And I do want to implement DMARC. Not so much to improve deliverability of my own email, but rather to prevent delivery of malicious email pretending to be from my domain.)

OK, just wondering, would "v=spf1 ?all" be the same in that case? I.e. a neutral SPF policy?