Little tech hints. As a part of reinstalling my home server recently, I switch from exim to sendmail (horrors!). I have been trying to reestablish all the spam-related filters, but it has been a pain. "milters" for clamav, dkim, not too bad. Having to read up on sendmail's configuration language, well, an eye opener.
To enable SPF checking (via the Return-Path:) header, despite being piped through .forward/procmail for local delivery, add to sendmail.mc:
define(`LOCAL_SHELL_FLAGS', `P')dnl
To enable others to perform SPF checks to block forgeries from nonexistent *subdomains* of a domain one owns, add *wildcards* to the zone
$ORIGIN my.domain.org * IN TXT "v=spf1 ..." * IN SRV "v=spf1 ..."