The Situation
A simple "Contact" form on a website. The form allows people to enter their name and e-mail address, so that the message appears to come from them, and the site owner can use their Reply button to reply to the sender (and not the web server!).
The Problem
The problem is defining what the "sender" e-mail address is, which is then compared with the address's domain's SPF record to see if it is coming from an authorised mail server.