SpamAssassin Rule: SPF_FAIL
Standard description: SPF: sender does not match SPF record (fail)
SPF (Sender Policy Framework) is an open standard specifying a technical method to prevent sender address forgery. The sender's domain is matched against a list of allowed mail relays for that domain. This states, for example, that mail from firstname.lastname@example.org should have come via mail.example.com and not mail.badguys.info.
This often breaks where users have forwarded their email to another domain, but the forwarding mechanism is not SPF-aware. Such a user would see SPF_FAIL tags on some of their incoming mail.
A "Fail" result is an explicit statement that the client is not authorized to use the domain in the given identity. The checking software can choose to mark the mail based on this or to reject the mail outright.
From RFC 4408
The default scores for this rule can be found in the online list of tests.