An institution receiving phishing attacks can thwart these
efforts by simply signing their email messages based upon the
domain, regardless of the local-part, internal links, or
phone numbers that may appear within these messages. In
fact, most of the phishing attempts endeavor to have the
recipient click on a link which appears to bring them to a
trusted web-site.
Having the local-part of the SENDER header bound to a key
does surprisingly little in terms of improving security or
consumer protection. The real danger would be within the
message, header order, and where a link could take the
recipient. Perhaps the link is to some bogus website that
simply stages a man-in-the-middle attack while logging
user-names and passwords.
You seem to be very definite in your views on this topic.
The banks are concerned to make sure that their anti-phishing solution
does not create new problems for them. If your suggestion was acted on
their bulk mailer would have the means to impersonate the Ceo of big
bank.
That is a risk neither big bank nor the bulk mailer will accept.