...but didn't think to ask!
Terry Zink is a program manager working for Microsoft as part of their Exchange Hosted Services anti-spam division. He’s a smart guy, who has been kind enough to grace us with everything you wanted to know about email authentication, but didn’t think to ask. His blog is on my “must read” list.
Since June, he's been sharing detailed, deep-dive info on email authentication. It’s been like an “Authentication for Dummies” book. It started out simply, and each successive session builds on the previous one. I’d consider this required reading for anybody who wants to really understand the technical intricacies of Sender ID, SPF, and DomainKeys.
If you want to work your way through the whole series, I'd recommend starting here: Introduction to Sender Authentication.
There are thirty different entries. Think of each of them as a chapter in a printed guide, all chock-full of good stuff. Here's a link to each different section:
Part 1: The Basics of Sending Email
Part 2: Reading Email Headers
Part 3: Checking the Received Headers
Part 4: Forward Confirmed Reverse DNS
Part 5: More on Received Headers
Part 6: Basics of SPF
Part 7: Shortcomings of SPF
Part 8: Best-Guess SPF
Part 9: SPF Syntax
Part 10: More on SPF Syntax
Part 11: More on SPF Syntax (Continued)
Part 12: Some examples of SPF
Part 13: Some SPF odds and ends
Part 14: Introduction to Sender ID
Part 15: How Sender ID interprets SPF records
Part 16: Sender ID vs SPF
Part 17: Hazards of Sender ID and SPF
Part 18: More Hazards
Part 19: How Spammers Evade SPF
Part 20: Advantages of PRA vs. MFROM
Part 21: Some Recommendations
Part 22: Introduction to Encryption
Part 23: Secret Key Encryption and One-way Functions
Part 24: Public Key Encryption
Part 25: Digital Signatures
Part 26: DomainKeys in a Nutshell
Part 27: Public Key Notation in DNS
Part 28: DomainKey Headers in the Message
Part 29: Some DomainKeys Examples
Part 30: The Canonicalization Process
