SPF stands for Sender Policy Framework. It is an authentication check on the envelope sender. That is: it asks, "Is this computer allowed to send mail from this address/domain?" It is not a reputation check; it is just supposed to prevent or reduce the likelihood that a message is forged.
What does this mean for email forwarding? Well, a lot, actually! When Pobox forwards mail to your forwarding address, your ISP may do an SPF lookup. If the domain that the message came from published an SPF record, our servers definitely wouldn't be in it! So, if we forwarded the message using the original envelope sender, the mail we are forwarding to you could get rejected.
Instead, we SRS rewrite the envelope sender, so that it will come from @pobox.com. Basically, that means that we take the original sender address, and (with some modifications) make that the username portion of an email address @pobox.com. That way, the SPF lookup your ISP will do is on @pobox.com, instead of the domain of the sender. But, if your ISP rejects the message for another reason, like your account being over quota, we can still reverse the address, and send the bounce message back to the original message sender.