Our mail servers were being spammed and joe jobbed to death and I decided to apply the qmail SPF patch. It was configured to just insert the SPF header rather than rejecting mails.
As it turned out, most of the spam (that were so obviously joe mails) didn't have a reject header created. Apprently very few system administrators have bothered to create SPF records for their domains. Thus the qmail SPF as a spam filter turns out to be ineffective. It had to be removed anyway when the goodrcptto patch was installed because they were not compatible with each other.
Now it's time to take another look at SPF, this time we are creating our own SPF records so that joe jobs with forged sender addresses associated with our domains will be rejected by other mail servers. I am not keeping my fingers crossed though. If sysadmins haven't rushed to create DNS records it's unlikely that they would have added SPF support to their mail servers either. But there is no harm in trying.