On another note, to extend SPF, wouldn't it be
a good feature to add something like:
example.com IN TXT "v=spf1 sig:sigserver.example.net"
The 'sigserver.example.net' box could then run
a whois-like directory which contains PGP (or other)
signature methods just like the current pgp keyservers.
SPF was not designed to be used on the e-mail after receiving the e-mail
body - but the idea of letting the DNS system point at a PGP keyserver
is very good.
Unfortunately, I think that some people might get a bit confused about
the SPF concept if PGP/GnuPG is getting involved with SPF now. SPF
deployment isn't that big, yet, and introducing PGP/GnuPG will introduce
a lot of explaining, and many existing SPF explanations and arguments
will have to be modified (like the one that e-mails get rejected before
receiving the message body).
Maybe another kind of TXT record would be the right way to do it?
Lars Dybdahl.
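
How a receiving SPF parser would treat the record proposed above, as an added example that is not part of the original thread: under RFC 7208 an unrecognized mechanism such as `sig:` is a syntax error (permerror), while an unrecognized `name=value` modifier is ignored. `sig` is not defined by any SPF specification, and the `sig=` spelling is a hypothetical variant constructed here for comparison.

```python
import re

# Mechanism and modifier names defined by RFC 7208 (the SPF specification).
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MODIFIERS = {"redirect", "exp"}
MODIFIER_NAME = re.compile(r"[A-Za-z][A-Za-z0-9._-]*")

# Constructed sample records; "sig" is the hypothetical term from the thread.
SAMPLES = [
    "v=spf1 sig:sigserver.example.net",         # as proposed (mechanism syntax)
    "v=spf1 mx sig=sigserver.example.net -all", # hypothetical modifier form
    "v=spf1 mx -all",                           # ordinary record
]


def classify_term(term):
    """Classify one SPF term the way an RFC 7208 parser has to."""
    name, eq, _value = term.partition("=")
    if eq and MODIFIER_NAME.fullmatch(name):
        # name=value is modifier syntax; unrecognized modifiers are ignored.
        return "modifier" if name.lower() in MODIFIERS else "ignored-modifier"
    # Otherwise a mechanism: [qualifier] name [":" domain] ["/" cidr].
    if term[:1] in "+-~?":
        term = term[1:]
    name = re.split(r"[:/]", term, maxsplit=1)[0].lower()
    return "mechanism" if name in MECHANISMS else "unknown-mechanism"


def check_record(txt):
    """Return (result, terms): the offending terms on permerror, or the
    silently ignored modifiers when the record parses."""
    parts = txt.split()
    if not parts or parts[0].lower() != "v=spf1":
        return "not-spf", []
    kinds = [(classify_term(t), t) for t in parts[1:]]
    bad = [t for k, t in kinds if k == "unknown-mechanism"]
    if bad:
        return "permerror", bad
    return "ok", [t for k, t in kinds if k == "ignored-modifier"]


if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", check_record(rec))
```
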