User Guides
Managing Risks
SPF Hard Fail risks
0min
Risk: SPF is set to hard fail all other sources (-all).
Whilst this is the strictest choice, it can lead to email deliverability issues. Soft fail (~all) provides a better compromise between security and reliability for most organisations. For more information, see section 5 of this document from the Messaging, Malware and Mobile Anti-Abuse Working Group.
Remediation: Update the SPF record for the domain to soft fail mail that doesn't pass an SPF check, i.e. update to ~all