I don't believe that SPF utterly fails for roaming users. There are
many options for you to use.
it doesn't utterly fail. it does, however, tempt DNS zone admins to
impose unreasonable constraints on how mail is sent.
For example, you can use SMTP AUTH over the SMTP submission port to
always submit your email to an acceptable MSA instead of using your
ISP's MTA. While there are many ISPs that block port 25, there is no
reason to block port 587 and almost no one does.
even if your domain has MSAs that accept port 587 and your ISP does not
block it, this may not be a good option. it requires, among other
things, that your MUA know which MSA to use for which return address.
some MUAs do this fine, others poorly, others not at all. (Apple Mail
seems to choose an MSA at random, and if that fails to accept the
message, complain about it.)
and it's certainly true that the zone admin can set up SPF records so
that they don't interfere with legitimate activity. though almost any
attempt to do fine-grained control over which domains can send mail
from which IP addresses is of limited applicability. for any large
group of users, zone admins aren't likely to know enough about their
users' needs to decide what is legitimate for those users and what is
not. and there are scaling and reliability and performance concerns
with doing lots of DNS queries.
of course, there are exceptions, domains for which this works well.
some of them serve millions of users.
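
An added example, not part of the original thread: a minimal offline SPF check showing why the submission path matters for a roaming user, and how many DNS-querying terms a record carries. The domain, IP addresses and records are constructed; only ip4/ip6/all terms are evaluated, and the limit of 10 is the one from RFC 7208.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = ("include", "a", "mx", "ptr", "exists")
LOOKUP_LIMIT = 10  # RFC 7208, section 4.6.4: more than 10 yields permerror

def split_term(term):
    """Return (qualifier, mechanism); the qualifier defaults to '+'."""
    if term[0] in RESULTS:
        return term[0], term[1:]
    return "+", term

def dns_lookup_terms(record):
    """Count top-level terms that cost a DNS query (nested includes add more)."""
    count = 0
    for term in record.split()[1:]:
        _, mech = split_term(term.lower())
        name = mech.split(":")[0].split("/")[0]
        if name in DNS_MECHANISMS or mech.startswith("redirect="):
            count += 1
    return count

def evaluate(record, client_ip):
    """Evaluate ip4/ip6/all terms left to right; DNS-backed terms are skipped."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual, mech = split_term(term.lower())
        if mech == "all":
            return RESULTS[qual]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qual]
    return "neutral"

# Constructed sample data (documentation address ranges).
MSA_IP = "192.0.2.25"         # the domain's own MSA, reached over port 587
ISP_RELAY_IP = "198.51.100.7"  # the MTA of whatever ISP the user is roaming on
STRICT = "v=spf1 ip4:192.0.2.25 -all"
SOFT = "v=spf1 ip4:192.0.2.25 ~all"
MANY = "v=spf1 " + " ".join(f"include:_spf{i}.example.net" for i in range(11)) + " -all"

if __name__ == "__main__":
    for label, rec in (("strict", STRICT), ("soft", SOFT)):
        print(label, "via MSA:", evaluate(rec, MSA_IP),
              "| via ISP relay:", evaluate(rec, ISP_RELAY_IP))
    n = dns_lookup_terms(MANY)
    print("DNS-querying terms:", n, "over limit" if n > LOOKUP_LIMIT else "ok")
```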