In the early days of SPF some sites were configured to give bonus points or whitelist source
domains with SPF.
The right way to use SPF is negative scoring only. If email doesn't match its domain SPF then
give it spam points ... whatever you happen to think it's worth.