I’ve been looking at new spam prevention options with Postfix 2.1.1 and one of the most interesting features is SMTP Access Policy Delegation or “the policy daemon.” It seems an excellent framework — instead of having to constantly modify the MTA you can just hook up another external policy server. Current implementations of policy servers include greylisting and support for SPF.
While reading about SPF I decided to go ahead and add SPF records for a number of domains I run. I could do this because I’m not a travelling salesman and the domains I selected don’t have users that would suffer from the forwarding problem.
In general, though, it seems a bit tricky to define working SPF records for any complex domains with remote or mobile users. Maybe in a couple of years when everyone has an IMAP server with SSL or TLS support, and all MTA’s have SRS support…