Looking at the hypothetical scenario with 4 domains and their following SPF records:
Domain: example.com SPF record: v=spf1 include:otherdomain.com ~all
Domain: otherdomain.com SPF record: v=spf1 a include:thirddomain.com ~all
Domain: thirddomain.com SPF record: v=spf1 ip4:1.2.3.4 include:unsecuredomain.com ~all
Domain: unsecuredomain.com SPF record: v=spf1 +all
- example.com uses otherdomain.com to send emails on its behalf and "soft fail" any other domains.
- otherdomain.com uses their own IPs to send emails and also allows thirddomain.com to send emails on its behalf and "soft fail" other domains.
- thirddomain.com uses the IP 1.2.3.4 to send emails and allows unsecuredomain.com to send emails on its behalf and "soft fail" other domains
- unsecuredomain.com allows anyone to send emails on its behalf.
Questions: Can anyone, unsecuredomain.com, or thirddomain.com send email on behalf of example.com? Can anyone send emails on behalf of thirddomain.com?
Thank you all
