I have an SPF related question that has arisen after we started receiving DMARC reports for our domains. Some of the messages that Google is reporting on have an SPF domain (as seen in dmarcian) that corresponds to our domain name (and that is also name of our primary MX (e.g. croatia.test.hr)), and some of the messages have an SPF domain that is part of our HELO/EHLO string (and name of our secondary MX (e.g. mx1.croatia.test.hr).
Messages that have an SPF domain of e.g. mx1.croatia.test.hr have SPF set to none (as we do not publish SPF for what is essentially a hostname), and because of that they also fail SPF DMARC alignment check.
My question is why is Google not checking domain part of hostname defined in that HELO/EHLO string (e.g. croatia.test.hr) and is instead checking SPF of domain that does not exist (e.g. mx1.croatia.test.hr) and what can we do about it?
Best regards, MSMS