diff --git a/postfix-policyd-spf-perl b/postfix-policyd-spf-perl
index 29d5f3f..322111e 100755
--- a/postfix-policyd-spf-perl
+++ b/postfix-policyd-spf-perl
@@ -348,8 +348,8 @@ sub sender_policy_framework {
         );
     };
     
-    # Reject on HELO fail.  Defer on HELO temperror if message would otherwise
-    # be accepted.  Use the HELO result and return for null sender.
+    # Prepend header on HELO fail instead of rejecting.
+    # Use the HELO result and return for null sender.
     if ($helo_result->is_code('fail')) {
         if ($VERBOSE) {
             syslog(
@@ -358,7 +358,8 @@ sub sender_policy_framework {
                 $attr->{helo_name} || '<UNKNOWN>'
             );
         };
-        return "550 $helo_authority_exp";
+        return "PREPEND $helo_spf_header"
+            unless $cache->{added_spf_header}++;
     }
     elsif ($helo_result->is_code('temperror')) {
         if ($VERBOSE) {
@@ -368,7 +369,8 @@ sub sender_policy_framework {
                 $attr->{helo_name} || '<UNKNOWN>'
             );
         };
-        return "DEFER_IF_PERMIT SPF-Result=$helo_local_exp";
+        return "PREPEND $helo_spf_header"
+            unless $cache->{added_spf_header}++;
     }
     elsif ($attr->{sender} eq '') {
         if ($VERBOSE) {
@@ -442,10 +444,12 @@ sub sender_policy_framework {
         );
     };
     if ($mfrom_result->is_code('fail')) {
-        return "550 $mfrom_authority_exp";
+        return "PREPEND $mfrom_spf_header"
+            unless $cache->{added_spf_header}++;
     }
     elsif ($mfrom_result->is_code('temperror')) {
-        return "DEFER_IF_PERMIT SPF-Result=$mfrom_local_exp";
+        return "PREPEND $mfrom_spf_header"
+            unless $cache->{added_spf_header}++;
     }
     else {
         return "PREPEND $mfrom_spf_header"
diff --git a/postfix-policyd-spf-perl.in b/postfix-policyd-spf-perl.in
index 83dbf78..a626c89 100644
--- a/postfix-policyd-spf-perl.in
+++ b/postfix-policyd-spf-perl.in
@@ -348,8 +348,8 @@ sub sender_policy_framework {
         );
     };
     
-    # Reject on HELO fail.  Defer on HELO temperror if message would otherwise
-    # be accepted.  Use the HELO result and return for null sender.
+    # Prepend header on HELO fail instead of rejecting.
+    # Use the HELO result and return for null sender.
     if ($helo_result->is_code('fail')) {
         if ($VERBOSE) {
             syslog(
@@ -358,7 +358,8 @@ sub sender_policy_framework {
                 $attr->{helo_name} || '<UNKNOWN>'
             );
         };
-        return "550 $helo_authority_exp";
+        return "PREPEND $helo_spf_header"
+            unless $cache->{added_spf_header}++;
     }
     elsif ($helo_result->is_code('temperror')) {
         if ($VERBOSE) {
@@ -368,7 +369,8 @@ sub sender_policy_framework {
                 $attr->{helo_name} || '<UNKNOWN>'
             );
         };
-        return "DEFER_IF_PERMIT SPF-Result=$helo_local_exp";
+        return "PREPEND $helo_spf_header"
+            unless $cache->{added_spf_header}++;
     }
     elsif ($attr->{sender} eq '') {
         if ($VERBOSE) {
@@ -442,10 +444,12 @@ sub sender_policy_framework {
         );
     };
     if ($mfrom_result->is_code('fail')) {
-        return "550 $mfrom_authority_exp";
+        return "PREPEND $mfrom_spf_header"
+            unless $cache->{added_spf_header}++;
     }
     elsif ($mfrom_result->is_code('temperror')) {
-        return "DEFER_IF_PERMIT SPF-Result=$mfrom_local_exp";
+        return "PREPEND $mfrom_spf_header"
+            unless $cache->{added_spf_header}++;
     }
     else {
         return "PREPEND $mfrom_spf_header"