SPF, please
Alright, computer people (not to be confused with “party people”), it’s time to fix the internet. Or at least part of it. Implement SPF right now on your own domain, and start looking it up when you accept mail. I’m already so sick of getting joe-jobbed, it happens weekly to one of my older domains which I hardly use anymore for mail. I get to spend my mornings deleting bounced mail from random IP addresses of virus-infected machines and open relays.
Why has it taken until now to come up with a reasonable solution for domain forging? I don’t know. Everyone knows that SMTP is horribly broken, but it’s hard to fix something so entrenched.
There’s just no good reason not to at least publish a soft-fail SPF rule. Just do it. Right now. Well, unless a giant, slow-moving registrar is running your DNS, in which case you can’t add a TXT record to your domain. I’m sure they’re having meetings about that and you’ll see it in their web interface within the next 3 years.