An SPF pass is a reasonably strong signal that the mail did come from the purported source. An SPF fail doesn't tell you much.
The basic rule is that without any established track record, any 'directive' from a sender, about how a receiver should handle received mail, is strongly like to have significant false positives.
Hence, processing with a heightened level of concern makes sense, while blindly following the directive does not.
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop