I’ve been talking to people about SPF over the past few weeks. In those conversations most people who are running email servers don’t think SPF is working. In many cases they believe that SPF is being used more by spammers then it is by people who are protecting themselves from spam and I can’t argue with either of those points.
The simple fact that a domain has a SPF record does not mean the domain will never send spam. The idea is that once SPF records are in wide use we will know where the spam comes from more reliably then we do now.
I personally create SPF records for all of my domains, especially the domains that I have not intention of sending email from. A simple SPF record that says no email server anywhere has permission to send any email for this domain is way better then just ignoring the domain completely.
I personally think that SPF might be too complicated to implement on the email server side. I’d like to see a few more open source implementations of the full SPF specification, maybe I’m not looking hard enough or thinking it through well enough, but I had a hard time implementing SPF into SFE.
Another thing I think is holding people back is creating the SPF record itself. I stopped using Network Solutions completely because they did not provide a way to implement SPF records on their hosted DNS service.
Pobox.com has a great tool to help you create an SPF record at http://old.openspf.org/wizard.html which you can place into your DNS records after you know what you want the SPF record to say and I know that GoDaddy.com has an SPF wizard in their hosted DNS service as well.