Our spamassassin 3.3.1 is marking email with tags like and SPF_SOFTFAIL and SPF_FAIL, as long as the sender info is failing the SPF test. But if the sender passes the test and the From: address is from our domain, then there are no SPF tags appearing.
The risk is that users don't look at the sender, only the From: field of their email, and this can potentially allow phishing. Has anyone encountered this issue and resolved it?