I wanted to start a thread about email spoofing and phishing, since our clients are noticing an increase this past year. Recently, Cloudfare announced they are releasing a new tool, described here, which I hope to implement as a test. If anyone else has experience or is testing this tool, I hope this discussion can be of use.
It looks like it may just be email forwarding. Maybe it will use SRS so spam filtering won’t be a problem. If they don’t use SRS, however, they’ll break SPF on the way in because after all of their talk of spoofing, they’ll just be expecting us to let them spoof when sending to us 
It looks like this will require at least 2 domains for users. One that people send to, and another that they host with us.