This ARO will be generated when an improvement to your domain protection methods could be improved. This could include improvements to your DMARC (Domain-based Message Authentication, Reporting and Conformance) / SPF (Sender Policy Framework) / DKIM (DomainKeys Identified Mail) DNS entries.
Discussed in https://support.fieldeffect.com/en/support/solutions/articles/16000181097-do-i-need-to-use-dmarc- we recommend that your SPF record uses a hard-fail rather than a soft fail policy.
A soft-fail policy "~all" means that any server not listed in the SPF record is authorized to send email on behalf of your domain, however the email will be tagged as spam or suspicious by your email service provider. We suggest a hard-fail "-all" default policy in order to reduce exposure to social engineering risks like domain spoofing and similar attacks
Use "-all" instead of "~all"
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article