Hello,
In your interesting comments to the FTC Email Authentication Summit
(http://www.ftc.gov/os/comments/emailauthentication/512447-0043.pdf),
you say:
If implemented this authentication method would burden or eliminate
an important avenue for anonymous or pseudonymous communication -
communications in which the sender has purposely chosen not to
authenticate his or her message or to link it to an offine identity.
...
Likewise , we are well served by an email environment that lets us
send anonymous , un-authenticated communications or digitally signed
mail. Forcing authentication on every email sender cuts off entire
categories of speech.
...
The alternative of sending email through a third- party domain ,
such as that of an ISP or webmail provider, is not satisfactory.
It seems you are seriously overestimating the amount of anonymousity
you can get with email now. If you believe you are anonymous just
because you set the From: header to 'Something <nowhere(_at_)no(_dot_)nil>', you
are wrong. The examination of the headers by an expert will give
exactly as much information as he will get via SPF.
SPF will make the process automatic, allowing authentication of every
message, authentication which will be usable by ordinary users or by
automatic software (such as a whitelister). But a dedicated expert can
easily, today, trace you just as well.
The solution you dismiss as "not satisfactory" (using a proxy such as
a privacy-friendly provider or an anonymous remailer) seems the only
serious one, both today and in a future "all SPF" environment.