I forgot to publish an SPF record for my HELO domain. (I have now added it.)
Probably others also forgot it. So please add it.
Just an example:
For delivery failure messages AOL's MTA says e.g.
EHLO omr-m11.mx.aol.com
MAIL FROM:<>
The SPF specification says that in this case the SPF record of the HELO
domain must be checked. But there is no SPF record for omr-m11.mx.aol.com.
So any spammer can say
EHLO omr-m11.mx.aol.com
MAIL FROM:<>
and the mail will not be filtered by SPF.
Therefore AOL should add the following SPF records:
omr-m10.mx.aol.com. TXT "v=spf1 ip4:64.12.138.22 -all"
omr-m11.mx.aol.com. TXT "v=spf1 ip4:64.12.138.23 -all"
etc.
Roger
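
An added example, not part of the original post: a receiver-side sketch of the check described above, showing which identity SPF evaluates when MAIL FROM is empty and what result each case yields. The function names and the SAMPLE_TXT table are constructed for illustration (the two records are the ones proposed in the post), only ip4/ip6 and all are evaluated, and 192.0.2.99 is a documentation address.

```python
import ipaddress

# Constructed TXT data standing in for DNS lookups. The two records are the
# ones proposed in the post; any other name has no SPF record.
SAMPLE_TXT = {
    "omr-m10.mx.aol.com": "v=spf1 ip4:64.12.138.22 -all",
    "omr-m11.mx.aol.com": "v=spf1 ip4:64.12.138.23 -all",
}

def spf_identity(helo, mail_from):
    """Return (identity kind, domain) that the receiver evaluates.

    With a null reverse-path (MAIL FROM:<>) the HELO/EHLO name is the only
    identity available, so its domain is the one looked up.
    """
    if mail_from == "":
        return "helo", helo.lower().rstrip(".")
    return "mailfrom", mail_from.rsplit("@", 1)[-1].lower().rstrip(".")

def evaluate(record, client_ip):
    """Evaluate a record, handling only ip4/ip6 and 'all' (simplification)."""
    if record is None:
        return "none"  # no record published: SPF cannot reject anything
    ip = ipaddress.ip_address(client_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        result = "pass"
        if term[0] in qualifiers:
            result, term = qualifiers[term[0]], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return result
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(value, strict=False):
                return result
    return "neutral"

def check(helo, mail_from, client_ip, txt=SAMPLE_TXT):
    """Run the check for one SMTP session and return (kind, domain, result)."""
    kind, domain = spf_identity(helo, mail_from)
    return kind, domain, evaluate(txt.get(domain), client_ip)

if __name__ == "__main__":
    print(check("omr-m11.mx.aol.com", "", "64.12.138.23"))        # listed host
    print(check("omr-m11.mx.aol.com", "", "192.0.2.99"))          # other host
    print(check("omr-m11.mx.aol.com", "", "192.0.2.99", txt={}))  # no record
```

With the records published, the same EHLO name from an unlisted address evaluates to fail; with an empty table it evaluates to none, which is the gap the post describes.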