cPanel SPF records always configured for SOFTFAIL, why?

[jols]

Hi,

I keep reading this sort of thing:

Publishing an SPF record that uses -all instead of ~all may result in delivery problems.

So I am wondering why all cPanel SPF records are automatically established with SOFTFAIL "~all", rather than "-all"?

 

[kdean]

Softfail "~all" is a safe default because receiving mail servers will not as likely block it or send it to a spam folder.

When you set it to "-all" you better make sure that you have all the included servers, IPs, etc. that send email with your domain, otherwise the SPF record will indicate that a server may not be authorized to send mail on behalf of your domain.

So, if you know you have everything you need, then go ahead and set it to "-all" in my opinion.

 

[jols]

Thanks very much for the clarification. This is something I've been grappling with for years, and you've explained it clearly.

 

[cPanelMichael]

Hello

Yes, the consensus is to avoid hard fails on SPF records since it breaks email forwarding unless the forwarding server uses SRS. The "~all" entry is generally preferred since it gets messages from non-standard senders bumped up in spam detection systems, but doesn't outright fail them.

Thank you.

 

[kdean]

Which brings up the issue of cPanel not providing the interface to enable SRS support itself for the emails it forwards. Seems to be a simple update that hasn't been implemented for years.

Add your vote. Built-in SRS support under Advanced Exim Configuration Editor in WHM. | cPanel Feature Requests