Mar 28 2010
SPF is not harmful
Filed under: spf

I've set up SPF on my Postfix install recently and added SPF records for my own domains. In my research I've come across a few articles that claim that SPF is not a good solution (SPF considered harmful). From what I've seen, they center around the proposition that SPF requires a change in user behavior and that this cannot be accomplished. Further, they claim that SPF isn't effective anyway and point out that most spammers actually have SPF records.
I disagree and I'll address both of these points:
- Requires changes in user behavior. Yes and no. What's actually required is a change in service providers' behavior. The example that is thrown around as being unsolvable without the end user learning the vagaries of SPF is email forwarding. The argument is that if a user decides to use an email forwarding service, then they'll have to know to add this information to their SPF record. This much is true. However, it's not as if they need to learn SPF to do so. The email forwarding service can easily query the domain's SPF record themselves and notify the user. If the forwarding service also happens to be the DNS provider (fairly common), then they can just make the changes themselves. If they aren't the DNS provider, they can at least offer a copy of the recommended SPF string. Further, the DNS provider should provide an easy way to make the changes that doesn't require knowledge of how SPF works.
- SPF doesn't block spam, and in fact spammers have adopted SPF in an attempt to look legitimate. I think this is a marked victory for SPF. The purpose of SPF is not to block spam, and to claim it fails at that is a straw-man argument. The point of SPF is to verify that the host that sent a message is allowed to send mail for the domain in its From header. In short, it's a form of identity. So now spammers must use their own validated domains or validated forwarding services to send mail. This makes it much easier for end users and service providers to determine who the spammer really is. SPF is not spam prevention, it's identity-theft prevention.
SPF does have some silliness that ought to be removed (e.g. SOFTFAIL), but overall it is a decent idea that belongs in every service provider's toolbox.
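To make the forwarding and SOFTFAIL points concrete, here is an added example (not code from the original post or from Postfix) that evaluates a small subset of SPF: a domain's record delegates to a forwarding service with `include:`, and the closing `~all` versus `-all` decides what an unlisted host gets. The domain names, addresses and TXT records are constructed stand-ins for real DNS lookups.

```python
import ipaddress

# Constructed DNS table standing in for real TXT lookups (assumption: these
# names, addresses and records are illustrative, not real).
TXT = {
    "example.net": "v=spf1 ip4:192.0.2.0/24 include:forwarder.example ~all",
    "forwarder.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate SPF v1 (ip4, ip6, include, all) for sender_ip against domain.

    Returns pass / fail / softfail / neutral / none / permerror. Receivers run
    this against the envelope MAIL FROM (Return-Path) domain, which is what a
    forwarding service must be listed for.
    """
    if depth > 10:  # RFC 7208 caps chained lookups to prevent loops
        return "permerror"
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # an unprefixed mechanism means "pass" on match
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # membership test is False when address and network versions differ
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include: matches only when the included record yields "pass";
            # its fail/softfail/neutral are simply "no match", so listing a
            # forwarder does not inherit that forwarder's -all.
            inner = check_spf(arg, sender_ip, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"  # unknown mechanism in this subset
    return "neutral"  # record ended without a matching term or an "all"
```

A host in the domain's own range or in the forwarder's record passes; anything else gets softfail from `~all`, which most receivers treat as "accept but mark", whereas the forwarder's own `-all` yields a hard fail.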