Not quite sure I understand the problem, but let's say I'm sending email through Postfix. I do it from domain a.com, the From address in the email is mail@b.com, and there's a valid TXT DNS record at b.com that includes the a.com domain. All is well at that point.
The return path is:
Return-Path: <a_random_message_id@a.com>
And the authentication results:
Authentication-Results: mx.google.com;
dkim=pass header.i=@b.com header.s=dmnkey header.b=9Rn2RL3X;
spf=pass (google.com: domain of a_random_message_id@a.com designates 1.2.3.4 as permitted sender) smtp.mailfrom=a_random_message_id@a.com
Does this mean that whenever I send an email, the Return-Path domain is checked instead of the From email, and then the DNS is checked for that domain, to validate SPF?
In short, yes. Strictly speaking it's the MAIL FROM envelope sender at the SMTP level that is checked - mainly because this can be checked before the message itself even starts to be sent, saving wasted data transfer. The receiving server takes the envelope sender and adds it as a Return-Path header on the received message - it's not added by the sender.
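To see this on a received message, the following added example (not part of the original posts) parses the Authentication-Results header and reports which identity the receiver's SPF check used, next to the From domain. The names `spf_identity` and `domain_of` are hypothetical, the From and Subject lines of the sample are constructed, and the `smtp.helo` fallback for an empty MAIL FROM goes beyond the case discussed above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message built from the headers quoted in the question;
# the From and Subject lines are filled in for illustration.
SAMPLE = """\
Return-Path: <a_random_message_id@a.com>
Authentication-Results: mx.google.com;
 dkim=pass header.i=@b.com header.s=dmnkey header.b=9Rn2RL3X;
 spf=pass (google.com: domain of a_random_message_id@a.com designates 1.2.3.4 as permitted sender) smtp.mailfrom=a_random_message_id@a.com
From: mail@b.com
Subject: test

body
"""

def domain_of(value):
    """Domain part of an address (or the value itself if it is a bare domain)."""
    return value.rpartition("@")[2].strip("<> ").lower()

def spf_identity(raw_message):
    """Report which identity the receiver's SPF check used, next to From."""
    msg = message_from_string(raw_message)
    # Unfold the header, then drop parenthesised comments before parsing.
    ar = " ".join(msg.get("Authentication-Results", "").split())
    ar = re.sub(r"\([^)]*\)", " ", ar)
    result, kind, identity = None, None, ""
    for clause in ar.split(";"):
        m = re.match(r"\s*spf=(\w+)", clause)
        if not m:
            continue
        result = m.group(1).lower()
        found = re.findall(r"(smtp\.mailfrom|smtp\.helo)=(\S+)", clause)
        props = {k: v.strip("<>") for k, v in found}
        # With an empty MAIL FROM (a bounce), SPF falls back to the HELO name.
        kind = "smtp.mailfrom" if props.get("smtp.mailfrom") else "smtp.helo"
        identity = props.get(kind, "")
    spf_domain = domain_of(identity)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    return {
        "spf_result": result,
        "checked_identity": kind,
        "spf_domain": spf_domain,
        "return_path_domain": domain_of(parseaddr(msg.get("Return-Path", ""))[1]),
        "header_from_domain": from_domain,
        "spf_domain_is_from_domain": bool(spf_domain) and spf_domain == from_domain,
    }
```

For the sample, `spf_identity(SAMPLE)` reports an SPF pass for a.com (the envelope sender, mirrored in Return-Path) while the From domain is b.com.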