I have started using the SPF checking feature in Mail Security for Exchange v7.0. I have, following the documentation, turned off the automatic rejection and instead set up a rule which quarantines the message so that I can then later inspect it and release it.
It appears to me that the software does not understand how to deal with soft-fails at the end of SPF records. Normally a "~all" would indicate to the checking software (ESET) that it should allow the message but provide some sort of warning? It seems widely understood that such a soft-fail would result in the outright rejection of a