Looks to me as if you can still deploy an SPF record that says
that A, B & C are authentic university of Cambridge mail servers.
What you are saying you cannot do is to add a final -all to
exclude the universe of all other mail servers.
That's pretty worthless. What we need is a method of identifying
forgeries, not a method of identifying legitimate email.
Disagree. I think the PASS case will end up being much more important for
anti-spam end game, than the other result cases. For anti-forgery, maybe you
need the binary answer, and those corporations who have a serious problem with
forgery (phishing) will be sure to declare "-all" if they need to solve their
problem.