Re: Government mail/DNS administration incompetence.
SPF was a good idea, but... people implemented it wrongly and didn't include their external ESPs and suchlike which meant that SPF gradually became useless. It also doesn't handle cases where recipients auto-forward messages to their other address (and don't claim that SRS is workable). It's a score in a spam filtering system only.
DMARC however supersedes it by signing emails and publishing the public key in DNS... and it works much better. Except organisations aren't keeping the keys up to date and other orgs don't have the balls to flat-out reject anything that doesn't pass. There's still some promise in the system though, unlike SPF which is defunct.
Biting the hand that feeds IT
