Hi Juerg,
I've run a little test whether Swiss ISPs use SPF or not and it turned out that very few have actually implemented it (actually, I found not a single one). Is there a reason for that? It's a very simple implementation and it could prevent a lot of damage like the most recent one after Sober.Q.
Well, we do. We are not quite an ISP, but for most of the domains we host, we have started to apply SPF.
Actually, I know that ip-plus has SPF-rules (restrictive) and solnet also does (allow all).
I would suggest ISPs should implement SPF quickly and talk to their customers about it. (See http://spf.pobox.com/ for further information.)
Most of our users have been "victims" in the past of forged from addresses and did indeed understand when we proposed to use SPF. The problem is that if big ISPs like bluewin (where most forged mails come from - at least for us) don't implement it, it's hard to catch the fraud.
Regards,
Jean-Pierre