As I understand, Sender-ID also does not provide a wildcard mechanism.
This leaves a general problem of needing a means to express various mail
policies regarding a domain and perhaps subsequent sub-domains. This
could include whether all messages are signed digitally, all use CSV,
etc.

The Not Authorized aspect of CSV-CSA was intended only to offer added
protection, should a system be considered vulnerable to being
compromised. Such a system may provide web or shell services, but is
not intended to be sending mail. A specific removal of this host from
being authorized adds additional protections from Trojans. The CSV-CSA
record was not intended to be published at every SOA. A general policy
record could fulfill this role, but it should not be so encumbered with
excess baggage as to make obtaining the information problematic or
require additional lookups.
-Doug