Sender Policy Framework (SPF) has been configured on the Symantec Messaging Gateway (SMG) but some messages are sent through without policy action.

SMG cannot check SPF records when the record that it is looking for does not exist.  Because of this, the SMG will not take an action configured in a SPF authentication policy when it receives a message from a sender that does not have a SPF record.

This behavior is by design.