I'd like to see SPF or something like it become pretty mainstream. My company provides mail hosting (and web, etc) and interestingly as ISPs start to force their customers to use the ISPs mail server for outgoing mail (which restricts self-mailing viruses and spam) the customers can't use their domain's mail server for SMTP (ie the server I look after). I wonder how useful SPF will become as blocking outgoing SMTP traffic becomes more popular.

To answer the question yes at least one of our domains (my company's, not our client's) domains have been used in forged From headers. We got bounces and only a couple complaints from people who weren't able to read the headers and see we didn't send it. Other than the mail server load it wasn't a big deal. It could have been worse.