Well, what do you know?
I don’t know if they have been doing them all along and have only finally decided to expose the result, but I logged into my Yahoo mail the other day and checked out the message headers of a mail in my inbox. I was surprised to discover that Yahoo is now exposing the Received-SPF flag indicating whether the inbound message passed or failed a standard SPF check.
To be sure, Yahoo still doesn’t publish SPF records, but at least now I can confirm that they are verifying SPF on the inbound. Gmail exposes this header, and Hotmail exposes the SenderID check in clear text as well (via the X-SID-Result header). This is useful for downstream users/MTAs that want to take action on a trusted sender and require authentication to make it occur. DKIM is a stronger mechanism than SPF or SenderID, but SPF is by far the most commonly used protocol for doing authentication.