SPF failure occurs when the sender IP address is not found in the SPF record. This means the email is sent to spam or discarded.

If DMARC is not implemented :-

SPF Softfail (~all) – The tilde “~” in front of “all” means that any servers not listed in SPF record should be treated as a softfail, ie. mail can be allowed through but should be tagged as spam or suspicious by the receiving mail server. 

SPF Softfail example:
v=spf1 include:_spf.google.com ~all

In this case the include:_spf.google.com authorizes Google to send emails. Any emails originating from different servers should be marked as spam by the receivers mail servers.

SPF Hardfail (-all) – The minus “-” in front of “all” means that any senders not listed in SPF record should be treated as a hardfail. This means they are unauthorized senders and emails from them should be discarded by the receivers.

SPF Hardfail example:
v=spf1 ip4: -all

In this case only the IP address is authorized to send emails on behalf of the domain.

If DMARC is implemented :-
DMARC ignores the nuances of softfail and hardfail in your SPF configuration i.e. ~all and -all are treated equivalently as a SPF fail. 

author image

About rgi-admin

You Might Also Like...

Product Hunt