Sorry I have to disagree with 1. there, I used their wizard to setup my domains and every once and a while I get my mail rejected anyway. From the site for ~all:
"SPF queries that do not match any other mechanism will return "softfail". Messages that are not sent from an approved server should still be accepted but may be subjected to greater scrutiny."
Steve didn't set a ~all though, he set -all. From the SPF whitepaper: "To Fail or not to Fail? If you look at other sites with spf records, you find that some of them end in ?all, some of them end in ~all, and some end in -all. What should you do? It depends. This is a tradeoff situation: you have to balance competing concerns. Conservative publishers might start with a ?all, move through ~all as conditions change, and (if all goes well) stabilize at -all. (Conditions change means users switch to the approved outbound smtp relay, forwarders start prepending headers and implementing srs, and you start signing with DomainKeys.) If you are very concerned about phishing, publish a -all right away and accept that there may be some false positives due to noncompliant forwarders who are slow to upgrade. Otherwise, use a ~all." So, I take some blame for being a "noncompliant forwarder" but, Steve also should accept if he sets -all then some messages will bounce.
People who drop/reject mail based on spf records make kittens cry. But I have ranted about that already.
I agree, and will talk to the people who administer CS as well. Jamie ----------------------------------------------------------------------- Jamie Curtis office: G.1.01 WAND Group, Dept of Computer Science phone: +64 7 838 4136 University of Waikato, mobile: +64 21 392 102 Hamilton, fax: +64 7 858 5095 New Zealand email: jamie(a)wand.net.nz -----------------------------------------------------------------------