Just seen in freshmeat, "Thunderbird Extension for Sender Policy
Framework". At first blush, this appears to be more along the lines of
PRA, not SPF, checking. The rush to implement these kinds of things FOR
USERS could be (or has been, take your pick) problematic for SPF.
Thunderbird Extension for Sender Policy Framework
http://taubz.for.net/code/spf/
The extension looks for the email address of the sender in the
From: header (ex. sender(_at_)aol(_dot_)com), and it looks for the IP
address of the server that sent the email from the first
Received: header (ex. 124.125.100.50). It then contacts a query
server, sending it the email address and IP address, which
responds with whether that server is permitted to send email for
the domain name of the email address (ex. aol.com).