It looks like I had my first spoofed spam today. I got a very informative delivery failed mail from Google Groups telling me that mail sent from 77.35.63.35, somewhere in Russia, to a non-existent account @baylisscg.org couldn’t be delivered. Of particular interest was [SPF](“http://www.openspf.org/") report which indicated the address was considered suspicious but not banned. A visit to OpenSPF revealed an answer, it looked like my SPF was malformed. Fortunately a quick trip to website’s tools section and I had a correct SPF record in my DNS.
SPF isn’t a magic bullet but it should help keep people from accepting forged spam that appears to come form my domain.