SPF tidbits

[Ben Hanson]

I've been reading into and experimenting abstractly with SPF on my mail 
server, and am currently just adding a header which lets me debug 
resulting lookups without doing anything with it.  This functionality is 
built into the latest version of Surgemail, which I highly recommend to 
anybody looking for a very actively developed, configurable, stable 
server package for virtually any platform, with a very portable 
administrative console that's browser based.   It also integrates 
SpamAssassin with almost no effort. 

Anyway, I'm aware that SA3 will contain some spf functionality, and have 
been wondering about whether it is to my own personal benefit to create 
an SPF record for my own domain.  We had issue a while back with 
somebody spoofing transprintusa.com and spewing forth one of the recent 
Windows viruses.  I got a lot of undeserved hatemail, as postmaster.  
SPF would only help me personally in the short term in such a scenario, 
as I understand it, if the recipient of such a spoofed message were on a 
server which was coincidentally checking spf , which failed against my 
info.  The other majority would still get the message.  In the longer 
term, it might be increasingly effective, if the percentage of adoption 
goes up, and SA3's inclusion of SPF will insure that.

So it's interesting, that I checked headers on the Users Digest a bit 
ago and noticed the following:      No spf record for 
(incubator.apache.org).  Any thoughts on whether this will change?  
What's the general consensus on publishing spf records for domains?

Ben