Wednesday, December 7, 2011


When you are configuring SPF records in DNS servers you have to clearly define the mail server policy to prevent unauthorized users sending mails to using your domain. Following is the SOFTFAIL vs FAIL comparison on SPF records.

~all ==> Defines the SOFTFAIL
-all ==> defines the FAIL

SOFTFAIL will mark e-mails as spam and forward to the sender while "FAIL" will drop the mail at the mail-server itself in case you are sending unauthorized mail server.

When you start configuring SPF records its good to start with SOFTFAIL once you identified and optimized mail servers you better go with SPF "FAIL".

As a good practice its better to configure both TXT and SPF records.