I considered such a scheme, but then thought about it and decided against it. Why? Because I'm reluctant to take the extra step to authorise myself. It's irritating when I reply to a mailing list post, CCing the person, and get one of those requests. 99% of the time I ignore it. If I wanted to contact someone then I'd probably do it though.

I am quite fortunate, as I rarely get spam. I used to get quite a lot, then analysed it and noticed that 95% was from two servers, where some asshole was using my email address as a spam hole. I firewalled those hosts after checking who they were, and confirming that no valid correspondence had come from them.

I like the idea of SPF, as Courier esmptd is sensible and allows authenticated relaying by default. Also, as I use webmail mostly outside of my network it works fine.

The real aim of Yahoo!s system is not to authenticate the server though, it's to authenticate the email as being from a valid user. I can see this catching on in corporations, as it'll add a layer of knowledge to the receiver.

As Sam says, msa is rarely blocked as it is an authenticated port. It's also rarely used, so awareness of its existence isn't that high. Configure roaming clients to use this, or get people to use webmail if it's blocked. The problem would be a high-quality webmail system. Sure, squirrelmail works, but it isn't exactly pretty...

Anyway, I'm a bit tired now, I'll think more when I'm awake ;)