The Best DRM Policy for me is this:
Since what DRM stands for managment, i think the best way to archive this is in the Installation Proccess, force a Internet Connection to the DRM Server, input the CDKEY, your email address and your birthday or any other data. That's it. After that, the Server will give you a Confirmation Key, something like you will need to activate your CDKEY online and attach your CDKEY to your email. This is something like Valve does. Since is not display it in the CD case or in the manual, only you can know it and manage where to store it.
The funcionality and limitations are:
1. The email is attached to your CDKEY. The email address can be only be changed once in X months, validating via the old email first and checking your birthdate. (This is a cool idea, since Valve dosen't allow this, and when i wanted to sell my copy of HL2, i couldn't)
2. The DRM works allowing installations only if the Confirmation Key is entered with the CDKEY at the installation, making imposible to install it if the Confirmation Key is not entered with your CDKEY. If there is a Leak of your CDKEY, let say your ex-friend stole it, some virus gave it to some random website, its ok, since the CDKEY is worthless without the Confirmation Key, generated once by the DRM Server.
3. Since the DRM only checks if the installation is legit, all the later checks, like Server Side CDKEYS checks, there will be not outages because some downtime at the DRM Server side. Soo, if the SADS is online, you are good to go, since there is no actual need of the DRM Server anymore.
4. Unlimited installations.
5. CDKEY Authentification as usuall, one CDKEY online at once. Block the use of it after the first login. Reporting to your email about more than 1 CDKEY attemp to login would be cool.
6. Another cool idea is the implementation of IP Check for the CDKEY. Gunbound of Softnyx.net uses it. It allows the user to define the level of IP Validation for the Online Playing and Buying Stuff. There are 3 levels of checks, each corresponds to the first 3 parts of your IP. Selecting one of this, would block any attemp to use your CDKEY if the PC is using a different IP address than yours or at least is away from your local area. And like the Confirmation Key, this is verified by email confirmation if there is any change requested by the email owner. And is something like this:
Only allow connections using the first 3 parts of your current IP address: E.g.: 200.85.96.xxx
Only allow connections using the first 2 parts of your current IP address: E.g.: 200.85.xxx.xxx
Only allow connections using the first part of your current IP address: E.g.: 200.xxx.xxx.xxx
Allow any IP address to connect
NOTE: The only donwside of this method is that you still be connected to the internet at least when the installation process starts, to check your input.
Excuse the grammar.