One thing that bugs me is why we must now implement domainkeys on top of SPF. SPF pretty much does everything domainkeys does but simpler.
Because SPF is a broken hack that doesn't properly accomodate the forwarding of email without the use of other complicating hacks such as SRS which mangle the sender address.
SPF should have been scrapped years ago. Instead, most large organizations use "?all" in their SPF entry (typically because of the forwarding problem), putting SPF in advisory mode which negates the whole purpose of having it anyway.
DomainKeys at least provides a solution for the original problem; the ability to determine whether an email came from a mail server that was authorized to send from that domain, -and- the ability to embed that signature into the message itself rather than relying on only the source IP address to give that information.
Everyone has different opinions on the usefulness of SPF, but the reality of it is, DomainKeys solves the entire problem. SPF doesn't.
Where does DKIM fit in all this? Could Exim compile it in without the license restrictions of domainkeys? I use Directadmin which is based on exim and dovecot.
http://wiki.exim.org/DomainKeys http://wiki.exim.org/DKIM
Matt