Julian Mehnle <bulk(_at_)mehnle(_dot_)net> writes:
Domain owners who use SPF are authorities defining which uses of their
domain shall be considered authentic by receivers.
But the statement "All authentic emails from domain X will be sent via
MTAs A, B or C" (which is basically what SPF defines) does not imply
"All email received from MTAs A, B or C claiming to be from domain X
is authentic". What it does mean is "Any mail claiming to be from
domain X which is not sent by any MTA other than A, B or C is not
authentic".