I have been monitoring my domain for the past week, and saw in the Threat/Unknown tab an email from a weird server in Iran
At first I thought that it was someone trying to usurp my domain name, but when I inspected it, I saw that the SPF test passed.
It does mean that this server is in the IP range of authorized IPs in my SPF record, but as I use outlook servers for my domain, my SPF record only have 3 of my mail servers IPs, the spf.protection.outlook.com and the spf.sendinblue.com.
However, I can not find the IP of the server in my SPF list, how did it passed the test ?
Thank you for your help