Example.com hosted on XYZ needs an SPF record that permits as a sender the IP range that ABC Corp might issue you with (in practice your dynamic IP address tends to be the same for months on end).
This is a massive improvement over anybody being able to do it.
In addition many mail servers are now only accepting fully authenticated and encrypted connections from mixed ISP and domain hosting combos. I have had to switch TB to OAuth2 to comply with the new rules.
It is possible that XYZ have created one for you but if they haven't then any emails you send to people who are hosted by Microsoft or BT will be summarily dropped on the floor with no warning.
SO far iCloud and Gmail have not imposed these restrictions which is how I was able to obtain headers from vanished emails to failed destinations and CC'd to other more tolerant email addresses that I control.
It has cut down the amount of spam circulating enormously but with significant collateral damage for small businesses with cheapest of the cheap hosting arrangements and little or no internal IT support.
The ISP hell desks are pretty hopeless on this topic.
>