This proposal seems related to our work:

http://www.shaftek.org.nyud.net:8090/blog/archives/000148.html http://antispam.yahoo.com/domainkeys

Summary, after a quick browsning of the draft:

An MTA (usually a border MTA) signs all outgoing mail. The signed data includes the message body and selected headers. Signature is added as a message header. The receiver examines the signature-header, looks up the corresponding public key in DNS, and verifies the signature. The Sender: and From headers are also involved in the verification in some way, but I don't understand precisely how.

Potential problems:

* MTA have to generate signatures for all outgoing email. (But a mailing list can use the same signature for all copies; that's the traditional scaling advantage of public keys. list-bots usually insert a Sender:-header, right?)

* They sign message contents, hence need canonicalization of headers and body. Not kosher from an SMTP-point of view.

* I think they have the same problems as us with people using unrelated MTA:s for in- and outgoing email.

* Potential patent sillyness, I haven't tried reading Yahoo's patent license carefully.

Like spf, I don't think it's particularly useful in itself, but it may be another way to let mail from white listed domains bypass hashcash.

Regards, /Niels Möller