Re: Hacking back against forged attacks
added the ability to put the correct MX DNS info records in place to specify which servers are authorized to send e-mail for the domain, and I haven't seen it happen since.
Ahh bless. You think anyone takes any notice of that? AOL certainly doesn't (yes, I've had bounces from AOL of spam that's come no-where near my systems and the originating IP isn't even in the same country as me).
In short, like most of SMTP - those domain SPF records are only any use if receiving domains check them. And a large minority don't.