I was wondering how good is adding SPF to a host with catch-all emails in preventing spams. Web hosts suggest to turn off the catch-all emails. But what if there is need to turn catch-all emails, then does SPF record do a good job in preventing hacker from sending out emails that appear to originate our web host?
SPF records are only useful if the receiving host checks the SPF records on the sending/senders domain, but then if someone(spammer) uses your address as a reply-to addr your stuffed as many isp's don't check SPF's! Personally use an Anti-spam service like Messagelabs / setup your own on your web/mail server (i.e spam assassin) or like your host has said disable your catch-all mailbox.