(At least, I wouldn't describe DNS as "decentralized"; it's more like a distributed data base with some degree of local control over portions of the data base that provide local information to all users of the data base.)
Except that DNS _is_ decentralized in the very real sense that proper use of caching means that queries to authoritative servers will be vastly outnumbered by resolvers answering from their local cache. DNS is also decentralized in that anyone can decide to have as many authoritative servers as seems appropriate for their own traffic.
Instead, the problem occurs when an incoming email requires an SPF (DNS) lookup for a *remote* site.
I don't know about your setup, but in my configuration I am performing multiple DNS lookups for each and every e-mail that hits my port. Even if you aren't using blacklists or other DNS-based measures, every connection to port 25 on your server should trigger the single DNS lookup (peer IP address to name).
At that point, the fact that DNS is ultimately centralized and must be queried in a manner that provides some degree of trustworthiness for the resulting data implies a potentially fatal bottleneck for email deliveries involving SPF (or DomainKeys) lookups.
And here, you've completely lost me. _I_ control all DNS lookups for my domains, using the well established trust relationship between Root servers, TLD servers, and my directly controlled servers. If I choose to provide SPF records for my domains (check 'em out), they are just as trustworthy as my A or MX records. No one can forge an SPF record for my domains (short of a compromised caching server, which only affects people using that cache).
John
