I should be more complete.  SPF isn't a panacea.  There are a lot of options
but the basic function of SPF is to stick into DNS the IP addresses of the
mail servers that can send mail from a particular domain.  If you see mail
from my home machine that says its from aol.com, you dump it into the bit
bucket.  ALL of the spam that makes it through my filter has faked From:
addresses since I use a white list.  Most of my spam that gets rejected also
has faked From: addresses.

It thus forces you to always go through a server that is authorized to send
mail from your domain.  Therefore, when you're off visiting somewhere, you
still have to use your own domain's smtp server.  That might not be possible
if you're behind a firewall.  For example, at Lucent one cannot make smtp
connections out of the company.  One must use internal servers.  Therefore,
russ couldn't send messages from here as rsc@swtch.com or I as
presotto@closedmind.org since we'ld have to do through lucent servers.

It does have the advantage that the current viruses would have a hard time.  They
normally look into your Outlook address file and send mail from your machine as
a myriad of different people that you have contacted.  If most domains used SPF
then the best they could do would be to send mail through their dedicated servers
as themselves (or at worst someone in their home domain).  This really reduces the
distributed spreading power of viruses that use email.  The dedicated servers usually
find out about viruses early and filter hard.  In essence, a virus would stop
spreading as soon as aol, comcase, yahoo, etc figured out it existed.

Of course, that will just select for sneakier viruses, but the sneakier, in general,
the more complex and hence the more fragile.