I disagree, just because I’ve emailed support@visa.com in the past does not mean I want every spam phishing email pretending to come from support@visa.com reaching my inbox.
You make a fair point but you've drawn a slightly broader scenario than I had in mind. Surely if you initiate an email to myfriend@obscureserver.com with the title "Hey buddy" and you get back a reply titled "Re: Hey buddy" from someone alleging to be myfriend@obscureserver.com, you'd want that in your inbox and not spam even with a misconfigured sender on your friend's end... no?
Edit: my ideal UX in this situation would be to get the mail in inbox, with a small notice saying "Unverified" and a mouseover/hover text explaining what that means re: SPF records; from there if you mark it as spam it would treat such unverified mail from that domain as spam on an ongoing basis
Edit: my ideal UX in this situation would be to get the mail in inbox, with a small notice saying "Unverified" and a mouseover/hover text explaining what that means re: SPF records; from there if you mark it as spam it would treat such unverified mail from that domain as spam on an ongoing basis