Does using SPF -all mean that if you send a mail to someone, they won't be able to resend/bounce/redirect that mail to someone else since the resending process uses their mailserver instead?
It breaks forwarding services that don't use SRS [1], for example OVH's. Like you mention, the next hop (example: gmail) will see it coming from the redirecting domain which is not valid per SRF rules. A SOFTFAIL will send a lot of emails to spam, a HARDFAIL means the email might be rejected outright.
I'm not talking about forwarding, but resend/bounce/redirect, which means the original sender stays in the From header and the entire email is identical to the original one.
[1]: https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
I need to move my domains off of OVH...