That's probably the reason why much spam has valid spf records. Get yourself a throwaway domain, so you're getting through the domain check and give that domain a valid spf record which allows all machines in the world to send mail for that domain. VoilĂ - valid SPF record.
That's why I asked which problem SPF is trying to solve.
Ralph
The SPF Qmail patch we use on CentOS Opsys has a special case for SPF from ALL
And we discard on that signal...
At this site...
http://qmail.jms1.net/scripts/service-qmail-smtpd-run.shtml
SPF_BLOCK_PLUS_ALL=1
Some spammers have found a way to work around SPF filtering. They simply purchase their own bogus domain names for ten dollars each, give them SPF records which contain "+all" (which says that every IP on the planet has permission to send mail "From" their domain), and use their own domain name as the sender address in their spam.
If this variable contains a non-zero value, any such SPF record will be changed from "+all" to "-all" before the SPF test is performed. Since most spammers have "+all" as the only term in their SPF record, this effectively blocks every IP address.
Anyways, to get more back on topic, I cannot image it would take more than 2 minutes for you to do an SPF record for your main domains
Then, depending on whatever mail server software you are using, find the DK or DKIM howto and implement.
Should be easy right?
- rh