I will bump this thread as well. Now since we implemented stricter policies on our SM install I am starting to see SPF failure messages in our logs. When I look up the SPF policy via MXToolbox the policy passes for said domain. My only work around for now is to change the scoring in my SPF check to a lower number. I had it set to 30 for Fail and also uncheck the option for Enable for SMTP blocking. That way I can be sure no other legitimate email gets blocked. I have seen a bunch of listings especially in the past 2 weeks since setting up our policies and most of them were indeed garbage domains. I did use Bruce's document as our guideline and appreciate the work Bruce put into the document for all of us. It was a big help in getting things configured properly.
Anyways, the log just shows _SPF(Fail) but gives no other reason why. We are running SM Version 14.5.5907 enterprise. Is this addressed in a newer build? Or is this something that is still a work in progress? I see this was brought up 2 years ago but haven't seen an update on this.