[svlug] mandatory SPF?

[Rick Kwan]

I am the administrative contact for a domain name belonging to a
non-profit organization.  We are hosted a machine belonging to a
respected SVLUG member.  (In other words, someone other than me. :-)
We use virtusertable to re-direct mail from the domain to personal
e-mail addresses.  For example,
    chair at nonprofit.org     me.myself at mydomain.com
Furthermore, SpamAssassin is being used to filter incoming mail, even
for addresses in virtusertable.
 
Nevertheless, I've gotten several complaints from people about the
onslaught of spam.  Our organization e-mail addresses have probably been
harvested by spam houses many times over at this point.
 
At this point, I'm thinking about only accepting e-mail that can pass
SPF authentication.  We occasionally get mail from our members,
predominantly those in the Bay area.  We do have dealings with staff and
other members in Virginia and a western regional office in Los Angeles.
We pretty much never receive legitimate e-mail from outside the U.S.
 
This draconian step only applies to the mail aliases that we use to
forward to people's personal addresses.  It is extremely unlikely that
anyone uses the non-profit addresses for personal mail because they are
likely to lose the address as new officers and directors are elected or
appointed annually.
 
The goal, of course, is to make the e-mail aliases more usable.  By cutting
down dramatically on spam, the officers and directors are much more likely
to pay attention to legitimate mail coming through.

Does mandatory SPF authentication sound outlandish?
Has anyone tried this?

--Rick Kwan