...
Use a local, caching, non-forwarding DNS sever
Some DNS Blacklists and Whitelists will block queries from DNS servers issuing what they consider too many queries. This is often avoided by running a local DNS server. Also, it's good for performance.
Run SPF at your MTA
SPF is intended to operate on the envelope sender (SMTP protocol MAIL FROM) which is not available in a standard way by the time the email gets to SpamAssassin. The solution is to run SPF at your MTA (Message Transfer Agent, such as Postfix, Exim, Qmail, Sendmail, etc.). This is, of course, dependent on what software you're using, but it should insert a Received-SPF: header for use by SpamAssassin. If you do not run SPF at your MTA, you really should set ignore_received_spf_header 1
so you don't end up honoring headers inserted by spammers.
...