>> Please help me understand why SPF_FAIL would not be triggered when an >> incoming email using my domain is received by a server that is not in >> my SPF record. > > I think you mean, *FROM* a server that is not in your SPF record. > > SPF says nothing about the *recipient* MTA.
Unless that recipient MTA is my own, correct? The SPF record contains a list of servers that are allowed to send mail using my domain, including to my own MX. This can't be used for spoof protection for my own domain as easily as for remote systems to ascertain whether an email received by a remote system was sent legitimately from one of our systems? Thanks, Alex