But here, you assume that the RFC2822 identities would be the logical
next target. I'd think that the spammers would be more
likely to take a
less subtle approach and try to subvert the authorization
the case of several approaches, this would mean DNS
poisoning, denial of
service attacks against nameservers, and other such trickery.
I think that the attacks you propose are brittle, entirely infeasible
on a bulk basis even if the attackers had the ability.
Forging RFC822 is trivial.
How aout we compromise here?
Put all the parts of the draft I suggest be non-normative off
in a separate document. Focus on defining the normative text
and getting that approved.
The non-normative text is delivered when nits are ironed out.
It would be informational so updates are much easier.