On 8/02/2017, at 1:03 PM, Jasper Bryant-Greene <jbg@rf.net.nz> wrote:

SRS is the solution to this and is a standard, available on most mail systems. SPF is a good idea according to most of the internet, and is very widely implemented, so I suggest just getting with the times and fixing your mail relay to rewrite sender addresses according to the SRS standard rather than claiming to send mail for domains it's not authorized to do so for.

I have found several articles saying that SRS is, like SPF, basically broken in that it doesn’t handle any situation where multiple relays are involved (not prepared to comment on whether that is right or not), hence my reluctance at this stage to using it.

I agree that in principal SPF is a good idea but it breaks mailing lists, forwarding and relays.  It has been my believe that using ~all (soft fail) is better than -all (hard fail) so that various anti-spam systems can use the soft fail as a contributing weighting, along with other things to determine what should be done with a message and to not rely on just the SPF.