Hi,
No, I'm not saying I'm right either. Just sharing knowledge. And I'm not an expert btw.
But still, as far as I understand the concept, the POP server (your receiving MTA) should not accept mail from servers which are not listed in the SPF record of the domain, regardless of how the spammer has configured his outgoing mail server.
Currently, IPs other than MX IPs are allowed to be entered as send mail IPs, which is why something like PayPal mails occur, but this may be completely stopped in future.
MS has a graphic that illustrates:
www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Regds
IJ