Is '-all' required in included SPF records if the main record has it?
Summary
What email marketers say
7 marketer opinions
Email marketer from Mailhardener explains that using SPF includes allows referencing other SPF records, but the policy (defined by the 'all' mechanism) is determined by the main SPF record. Therefore, included records do not need their own 'all' mechanism.
Email marketer from EasyDMARC shares that SPF 'include' statements call other domains to be included in your SPF record. The referenced domain then performs its own checks. The ultimate policy determination is based on the main domain's 'all' mechanism.
Email marketer from GlockApps notes that the include mechanism refers to other domains and their SPF records, but the ultimate outcome is determined by the 'all' mechanism in the main SPF record for your domain.
Email marketer from Email on Acid notes that when you 'include' another domain in your SPF record, you're essentially delegating the SPF check to that domain. However, the final decision on whether an email is authorized still rests with your domain’s SPF record and its 'all' mechanism.
Email marketer from Reddit user u/mail_authentication explains that the '-all' mechanism in an included SPF record is mostly irrelevant. The main record controls the final outcome.
Email marketer from StackExchange explains that the 'all' mechanism in your primary SPF record is what matters. The presence or absence of an 'all' mechanism in the included records doesn't matter. All that matters is the primary SPF.
Email marketer from Email Hippos explains that the '-all' or '~all' in the primary SPF record determines the ultimate policy if a message fails SPF checks. The presence of an 'all' mechanism in included SPF records is unnecessary as the primary record dictates the policy.
What the experts say
4 expert opinions
Expert from Word to the Wise explains that SPF records are evaluated sequentially. When an include is encountered, the evaluation temporarily shifts to the included record. However, the overall policy enforcement (dictated by the '-all' or '~all' mechanism) remains the responsibility of the originating domain's SPF record. Thus, the presence of '-all' in included records is not required.
Expert from Email Geeks explains that "-all" in SPF records is not inherently special but indicates how to treat the evaluation if it reaches that point. Including another SPF record means that if the included record passes, the main record passes. The final "-all" controls the response if nothing else matches in the main record, and there's no requirement for included SPF records to have it.
Expert from Email Geeks confirms that if the parent SPF record has '-all', its presence or absence in child blocks is irrelevant.
Expert from Email Geeks shares that the policy mechanism doesn’t transfer with the include, making the policy record irrelevant if you are just publishing a SPF record for customers to use as an include.
What the documentation says
3 technical articles
Documentation from RFC Editor explains that with the "include" mechanism, an administratively external set of hosts can be authorized, but determination of sender policy is still a function of the original domain's SPF record (as determined by the "all" mechanism in that record).
Documentation from Microsoft Learn explains that the main SPF record includes the final mechanism ('all') which dictates what happens if the message does not match any of the specified IP addresses or domains. Includes only pull in the authorization, not the policy.
Documentation from dmarcian notes that the ‘all’ mechanism determines the policy if no other mechanisms match. In the context of includes, this ‘all’ mechanism in the main record dictates the final result.