SPF:None allows mail through

Asked by Icarusbop

Hello:

I am receiving spam which is showing the following in the log files:

Sep 29 06:30:12 MYDOMAIN policyd-spf[6342]: None; identity=mailfrom; client-ip=80.17.201.81; helo=sek-rs.mygbiz.com; <email address hidden>; <email address hidden>

It seems it is being passed because they have no SPF record "Policyd-spf : NONE"

How can I configure my system to reject these messages?

Thanks

Ian

Question information

Language: English
Status: Answered
For: pypolicyd-spf
Assignee: No assignee

Scott Kitterman (kitterman) said :
#1

You are correct. The policy server will not reject mail from domains that do not have SPF records. You would not want to reject mail from such domains generally, as large amounts of legitimate mail do not have SPF. I'm not sure what the best way to address this particular issue is, but it is outside the scope of this policy server.

From looking on Senderbase, I see that the IP address this message came from has a poor reputation:

http://www.senderbase.org/lookup/?search_string=80.17.201.81

You might consider blocking that IP address either in your firewall or in postscreen.

Icarusbop (ubuntuforum-q) said :
#2

Hello:

Thanks for your reply - it is as I thought and I do understand why SPF is made like this.
I do wonder, though, if it gives spammers an effective open door: all they have to do to greatly increase the chances of their junk being delivered is to have no SPF entry. Surely this is an invite for the SPF system to fail?
Personally, I think it should be an option to block SPF:none if I wish to. The chance of loss is mine to take, after all, and such options could encourage the email community to adopt what seems to be quite a good defence.

I currently go through a process every few days to block bad-reputation IP addresses, but I really do have more important things to do with my time than constantly examine IPs and add them to a blacklist. I just get other IPs knocking at the door the day after.
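
An added example, not part of either post and not pypolicyd-spf code: a small log summarizer that counts `None` results per client IP from policyd-spf lines in the format quoted in the question, and formats repeat senders as Postfix CIDR-table lines to review (for instance against a reputation lookup) before they go into a `postscreen_access_list` file. The sample lines are constructed, and the `envelope-from` and `receiver` field names are assumptions standing in for the two fields hidden in the quoted log line.

```python
import ipaddress
import re
from collections import Counter

# policyd-spf syslog payload: "<Result>; key=value; key=value; ..."
LINE_RE = re.compile(r"policyd-spf\[\d+\]: (?P<result>\w+); (?P<fields>.*)$")

# Constructed sample lines (documentation address ranges, not real senders).
# envelope-from/receiver are assumed names for the fields hidden on the page.
SAMPLE_LOG = """\
Sep 29 06:30:12 mx policyd-spf[6342]: None; identity=mailfrom; client-ip=192.0.2.10; helo=a.example; envelope-from=x@a.example; receiver=ian@example.org
Sep 29 06:31:40 mx policyd-spf[6350]: None; identity=mailfrom; client-ip=192.0.2.10; helo=a.example; envelope-from=y@a.example; receiver=ian@example.org
Sep 29 06:33:02 mx policyd-spf[6361]: Pass; identity=mailfrom; client-ip=198.51.100.7; helo=mail.example.net; envelope-from=bob@example.net; receiver=ian@example.org
Sep 29 06:35:19 mx policyd-spf[6377]: None; identity=mailfrom; client-ip=2001:db8::25; helo=b.example; envelope-from=z@b.example; receiver=ian@example.org
Sep 29 06:36:00 mx postfix/smtpd[6380]: connect from unknown[203.0.113.9]
"""

def parse_line(line):
    """Return (result, fields) for a policyd-spf line, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for part in m.group("fields").split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key] = value
    return m.group("result"), fields

def tally(log_text, result="None"):
    """Count messages per client IP whose SPF result equals `result`."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[0] == result and "client-ip" in parsed[1]:
            counts[parsed[1]["client-ip"]] += 1
    return counts

def review_list(counts, threshold=2):
    """Format IPs seen at least `threshold` times as CIDR-table lines for review."""
    entries = []
    for ip, n in counts.most_common():
        if n >= threshold:
            net = ipaddress.ip_network(ip)  # /32 for IPv4, /128 for IPv6
            entries.append(f"{net} reject")
    return entries

if __name__ == "__main__":
    print("\n".join(review_list(tally(SAMPLE_LOG))))
```

The threshold only narrows the list to repeat senders; an SPF result of `None` on its own says nothing about whether the sender is legitimate.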
