- All spam is spoofed, so it will fail the IP/domain match and won't get past the challenge.
- The vast majority of legitimate mail will pass the IP/domain match, so it will be delivered without needing a challenge.
- The only legitimate mail that needs to be challenged is sent by "power" users, who will know how to deal with a challenge.
This could initially cause false positive problems for some legitimate direct marketers who use some bulk email service providers. However, the problem is quite easily fixed.
Note that this doesn't fight spam so much as fight spoofed senders. Much like SPF, in fact.
From the quotes attributed to an IBM exec, I’m worried that this mis-reporting might actually be IBM’s fault.
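The IP/domain match and challenge flow described above, as an added example that is not code from the original page or from IBM. The page does not say how the match is performed, so the `DOMAIN_NETWORKS` table, the function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumption): networks each sender domain is known
# to send from, standing in for whatever lookup the real system performs.
DOMAIN_NETWORKS = {
    "example.org": ["192.0.2.0/24"],
    "bulk-esp.example": ["198.51.100.0/24"],
    "spammer.example": ["203.0.113.0/24"],
}

def ip_matches_domain(client_ip, sender_domain, table=DOMAIN_NETWORKS):
    """True when the connecting IP lies in a network tied to the sender domain."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # an unparseable address never matches
    nets = table.get(sender_domain.lower().rstrip("."), [])
    return any(ip in ipaddress.ip_network(n) for n in nets)

def triage(client_ip, envelope_from, challenge_answered=False):
    """Return 'deliver' or 'challenge' for one message."""
    _, sep, domain = envelope_from.rpartition("@")
    if not sep or not domain:
        return "challenge"  # no usable sender domain to match against
    if ip_matches_domain(client_ip, domain):
        return "deliver"    # match: no challenge needed
    return "deliver" if challenge_answered else "challenge"

# Constructed cases: (label, connecting IP, envelope sender, challenge answered)
CASES = [
    ("ordinary user, own provider", "192.0.2.10", "alice@example.org", False),
    ("spoofed sender", "203.0.113.7", "alice@example.org", False),
    ("power user who answered", "203.0.113.7", "alice@example.org", True),
    ("marketer sending via bulk ESP", "198.51.100.5", "news@shop.example", False),
    ("spam from the spammer's own domain", "203.0.113.7", "offers@spammer.example", False),
]

if __name__ == "__main__":
    for label, ip, sender, answered in CASES:
        print(f"{label:36} -> {triage(ip, sender, answered)}")
```

The last two cases show the limits the text points out: the marketer on a bulk provider is challenged despite being legitimate, and spam sent from a domain that matches its own IP is delivered because nothing was spoofed.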