User Guides
Managing Risks

SPF Hard Fail risks

0min

Risk: SPF is set to hard fail all other sources (-all).

Whilst this is the strictest choice, it can lead to email deliverability issues. Soft fail (~all) provides a better compromise between security and reliability for most organisations. For more information, see section 5 of this document from the Messaging, Malware and Mobile Anti-Abuse Working Group.

Remediation: Update the SPF record for the domain to soft fail mail that doesn't pass an SPF check, i.e. update to ~all