BE AWARE: Please be sure to read about the extension on the extension's website (http://razor.occams.info/code/spf) so you know what the extension is actually protecting you against, and how it works. Not all emails can be verified, so don't be surprised if the extension has nothing to report for most of your email. When you see an email *is* verified, then you can have more, but not complete, confidence in its authenticity.
Critics say the extension uses SPF improperly by comparing the From: address of emails, rather than the return path, against SPF records. it's really besides the point, so don't worry about that.
Many have suggested checking the Received-SPF and Authentication-Results mail headers. There's no way to know if these headers have been inserted by your ISP or by the malicious phisher, so the extension simply ignores them.