Does friends bypass SPF?

At 8:45 AM -0400 10/28/06, Vinny Abello sent email regarding

[SurgeMail List] Does friends bypass SPF?:
>I think I remember this conversation one time before but
forget the outcome.
>
>I received this message which was clearly spam. It was
forged as 
>from roberttellurian.com who is on my friends list,
but my SPF 
>settings are set to explicitly block SPF failures. This
clearly does 
>not match our SPF record as it came from outside our
defined values.
>
>In short, is there a way to prevent this from happening?

Yes. Friends does override SPF. IMO, it should not --
especially from 
local domains! You have to explicitly tell SM that you
really mean it 
for that domain: g_spf_noallow