If we really want to make mail traceable, we need to do a bit more than
fix Received. As I see it, we need:
- A message hash function that is invariant across the various kinds of
munging that happens in mail transport, but still good enough for
non-repudiation (though it probably won't be good enough to serve as a
general-purpose signature)
- A new header field which associates the message hash, originator-id,
timestamp, and originating ISP or organization, which is signed by that
originating ISP or organization, and which is easily verifiable by
recipients or MTAs
This has some general utility, and is also needed for anything along the lines
of the "domain keys" transit validation mechanism.
d/