Hi,
- SPF: Get them to correct their errors in the dns config. Yes, it takes a wile - you can think of just making spf-hard and softfails as susp spam, deliver them to the mailboxes and merge them to junk
- domain blacklisted: It is a good thing to just get rid of certain senders, spam bots, etc. From what i've seen the same kind of mails usually get to you using different accounts, hosts and domains. Therefore analyse your bad inbound mails, instruct users, get symantec feedback, think of submitting mails, etc.
But, using local bad senders as local bad ips is useless as a long term thing.
- updating: fair enough
- Another simple way: Again, analyse the bad guys. Eg approx a year ago i invented a couple of content rules like (envelope sender <> pattern)&(sender = pattern)&(message contains words in dictionary). But its very specific and i thinks it depends on business, region, etc
Thomas