Just wondering.... if it's considered safe to

block incoming email when SPF test is "softfail"???

Any thoughts from folks who have tested in real world??

I personally, block "Fail" tests only, however want to be more

proactive.

Much appreciate your reply

Al

At present I block on softails.

I decided that if it caused me a big problem I would default back to block only hardfails.

So far I've had no complaints, and in my view, if admins are too lazy to publish a correct SPF, and to make their lives easier publish a ~all, then its the same as a admin being lazy and not closing relay etc. In which case, why bother having an SPF record at all if they arent going to administer it correclty and ultimately publish a -all.

I do understand that some people maybe in 'testing' phase, which I do understand, and would not class these admins as lazy. But if a legitimate user complained to their IT dept that they were blocked, which was caused by a soft tail, the IT guy would then go, 'Oh right, lets add your IP to our SPF record' - in effect sorting the problem and helping the senders IT dept complete their SPF record.

Another thing to think about, how many spams do you get that are reportedly from hotmail.com and the like? As hotmail have a ~all, me blocking softtails blocks more spam (from reported sources such as hotmail.com) than false positives. I can understand why hotmail may have a softtail, and in my opinion it is to save them the head ache of any people that may complain who also have a mail client to send mail out using their hotmail address. So by hotmail doing this they're passing the ownous onto us. If such a user then contacted us, it would be for us to say 'If you're using your hotmail address you should use the hotmail web site'. In other words, Hotmail are wanting us to make the stance rather than them, which probably suites them fine.