I have started using the SPF checking feature in Mail Security for Exchange v7.0. I have, following the documentation, turned off the automatic rejection and instead set up a rule which quarantines the message so that I can then later inspect it and release it.
It appears to me that the software does not understand how to do with soft-fails at the end of SPF records. Normally a "~all" would indicate to the checking software (ESET) that it should allow the message but provide some sort of warning? It seems widely understood that such a soft-fail would result in the outright rejection of a message, but within ESET it does. Moreso there aren't different ways of handling soft and hard fails (e.g. it might be expected that a hard fail is rejected, but a soft fail quarantined).
Has anyone else experienced this? Is there a workaround?
