One of hour hosted email clients has their bank sending them email. The bank has what appears to be a valid SPF record, which some tools will say is valid, but one of the includes in the SPF record has no valid SPF record for it. All the ip4 stuff is fine, a few other include records are fine, under 10 DNS lookups, etc, but this one invalid include in cause SM to PermError and send to spam.
I'm not an RFC specialist and it looks like this is a gray area anyway since some tools will give this record a pass and others will fail. Any insight on if SPF should perm_fail if one of the includes is invalid?