PGP is not meant to be run on the server, and therefore cannot make decisions about accepting or rejecting email.
Additionally, PGP relies on a "web of trust" managed directly by the user. There is no way for a server to automatically discover the key from $YOURBANK to decide if the email is legit; you need the bank to give you their fingerprint through a side-channel. _pka DNS records help, but is that simpler than SPF?
> PGP is not meant to be run on the server, and therefore cannot make decisions about accepting or rejecting email.
Why not? To check a signature you're using a public key of the other party, so nothing prevents you from adding a milter that would check incoming mail against a list of public keys you trust, without compromising/sharing any secret key material with the server. (As long as you trust your server.)
Anyway, the point of PGP is that you can do the checks end to end between MUAs, not just between MTAs. Relying on DNS to distribute key material is not that great anyway, so PGP, with keys shared via a better channel, is more secure. (Less convenient too, perhaps, depending on your MUA.)
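One way to implement the milter-side check the reply describes, as an added example that is not part of the original thread: the server keeps a dedicated keyring holding only the public keys it trusts, parses gpg's machine-readable `--status-fd` output, and keys the accept decision on the full fingerprint from `VALIDSIG` rather than the short key ID in `GOODSIG`. The sender address and fingerprint in the allowlist are constructed placeholders.

```python
"""Server-side PGP signature gate for a milter (added example, not from the thread).

Only public keys live on the server: verification runs against a dedicated
keyring, so no secret key material is shared with the MTA.
"""
import shutil
import subprocess

# Constructed allowlist: sender address -> full fingerprint of the key that
# address is expected to sign with (placeholder value, not a real key).
TRUSTED_SIGNERS = {
    "alerts@bank.example": "0123456789ABCDEF0123456789ABCDEF01234567",
}

def run_gpg_verify(message_path, keyring_dir):
    """Verify a clearsigned/detached-signed message in a keyring that holds
    only trusted public keys; return gpg's [GNUPG:] status lines."""
    if shutil.which("gpg") is None:
        raise RuntimeError("gpg is not installed on this host")
    proc = subprocess.run(
        ["gpg", "--batch", "--no-tty", "--homedir", keyring_dir,
         "--status-fd", "1", "--verify", message_path],
        capture_output=True, text=True, check=False)
    return [ln for ln in proc.stdout.splitlines() if ln.startswith("[GNUPG:] ")]

def decide(sender, status_lines, trusted=TRUSTED_SIGNERS):
    """Map gpg status output to a milter verdict: ('accept'|'reject', reason)."""
    expected = trusted.get(sender)
    if expected is None:
        return ("reject", "sender not in allowlist")
    fields = [ln.split()[1:] for ln in status_lines]
    tags = {f[0] for f in fields if f}
    if "NEWSIG" not in tags:
        return ("reject", "message carries no PGP signature")
    if "BADSIG" in tags:
        return ("reject", "signature does not match message body")
    if tags & {"NO_PUBKEY", "ERRSIG"}:
        return ("reject", "signed by a key not present in the server keyring")
    if tags & {"EXPKEYSIG", "REVKEYSIG"}:
        return ("reject", "signing key is expired or revoked")
    # VALIDSIG: field 1 is the signing (sub)key fingerprint, the last field the
    # primary key fingerprint; accept a match on either, never on a short key ID.
    fprs = set()
    for f in fields:
        if f and f[0] == "VALIDSIG" and len(f) > 1:
            fprs.update({f[1].upper(), f[-1].upper()})
    if expected.upper() in fprs:
        return ("accept", "valid signature from allowlisted key")
    return ("reject", "valid signature, but key is not bound to this sender")
```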