SPF info on spf.dreamhosters.com


Hopefully the person managing that spf string will see this. The string should end in “?all” and not “~all”. “?all” will give the server a neutral response but a “~all” will give a softfail. If we are including the string in our spf string then it should be “?all” for us. That’s just my 2 cents.


Actually, if you’re just “include:”-ing spf.dreamhosters.com, then it doesn’t matter if the record ends with ?, ~, or -. Since the include syntax won’t generate a fail, only the outer record will do that.

From http://www.openspf.org/SPF_Record_Syntax#include :
“In hindsight, the name “include” was poorly chosen. Only the evaluated result of the referenced SPF record is used, rather than acting as if the referenced SPF record was literally included in the first. For example, evaluating a “-all” directive in the referenced record does not terminate the overall processing and does not necessarily result in an overall Fail. (Better names for this mechanism would have been “if-pass”, “on-pass”, etc.)”

I tested that myself with some web spf testers. Used include records with a hard-fail and the main/outer record with a pass or soft-fail, the main all designation was always used, no matter what the include all designation was. “The include: mechanism is meant to cross administrative boundaries”, so it makes sense.


You are aware that you are responding to a rather old post? Anyways I had checked it and changing ~all to -all did make a difference for me. When tested ~all resulted in a soft-fail and -all resulted in a hard fail. Keep in mind that I also include ip addressed for google email since the domain email is hosted there so it ends up referencing mine anyways.

Save $50 on any plan using promo code DREAMY50