Why you should press your hosting company for SPF.
If all mail sending and receiving servers implemented SPF, we could knock a lot of spam on the head. Here's why and how...
SPF (Sender Policy Framework)
What is it? It's a declaration made by domains saying which servers they use to send email.
How can that help?
Imagine firstname.lastname@example.org sends you@yourcompany an email (it's come from IP 220.127.116.11). Your mail program contacts mycompany.com and asks: do you ever send emails from 18.104.22.168? Let's assume the email is legitimate and mycompany.com says yes. The email is accepted.
Now lets imagine a spammer sends an email purporting to be from email@example.com. It won't have come from the official source, maybe a server at IP addresss 22.214.171.124. Again, your mail program contacts mycompany.com and asks: do you ever send emails from 126.96.36.199 ? This time mycompany.com says no. The email is rejected. Simples!
There is a third response possible from mycompany.com which is equivalent to don't know and receiving mail servers can take this either way. Until all sending computers answer yes or no there will be the possibility for spammers to get their message through.
The radical in me would want to (a) check all email and (b) reject emails that can't for sure be said to come from the declared domain (reject on "no" and "don't know". Maybe that's a step too far at the moment but in the meanwhile...
ask your ISP to implement SPF checks on incoming emails
(our Group Servers do that by default)
...available at openspf.org.