According to an article in ZDNET UK, User authentication for email "may be worse than useless" at preventing the spread of spam, according to Nick Fitzgerald, security consultant at Computer Virus Consulting.
As an anti-spam measure, SPF is broken before it's implemented, as it's not just breakable, it's trivial to break," Fitzgerald told an audience at the Virus Bulletin conference in Dublin on Friday.
"Knowing a message arrived SPF compliantly tells us nothing about the actual sender and the 'spaminess' of the message," Fitzgerald added, claiming that SPF has been "widely hyped" as solving the problem of user authentication.
Fitzgerald's views were challenged by other conference attendees, who insisted that SPF would play a valuable role in fighting unsolicited junk email.
Also see John Levine argues that SPF is losing market mindshare and a related article on ZDNET with more details.