> I hope this isn't re-hashing old ground but an idea has occurred to me
> that would, I think, help with the current deluge of mail from worms that
> forge From: addresses.
> The idea is to "sign" the From: and Message-ID: pair using
> a public key scheme, and add the signature as a new header.

You need to sign the message content. Otherwise a worm could take a From and
Message-id from a completely different message and prepend it to its own
message.

You don't want to use From as the sender identity, because there are perfectly
legitimate cases where From is different from the actual sender. You don't
want to use Return-Path either, because that's where bounces go and there are
sometimes good reasons to send bounces to a different place than the address
associated with the sender's identity. The Sender field was originally
intended for this purpose but that's been corrupted due to wide misuse by
mailing lists. So you need a separate identity for "the person who signed the
message".
Of course if you just want to sign messages then S/MIME will do the job. What
you seem to want is to make it difficult for worms to forge messages. That's
very tricky because the sender's machine has already been compromised. So for
instance the worm could set itself up to record the sender's password (or
whatever is used to encrypt the signing key) whenever it was typed in, and the
worm could sign messages on behalf of that person. It could even transmit
that person's public key to other machines so that the other machines could
sign messages from that person.

To really fix the spam problem, and the virus/worm problem, Windows needs to
be eradicated and replaced with something that actually has some degree of
security. That's a bit over-simplistic, but it's close.

Keith
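The replay problem Keith raises (a signature over only From: and Message-ID: can be lifted from a real message and attached to a worm's own body) is easy to demonstrate. The following Go program is an added example and is not code from the thread or from any mail software. It uses Ed25519 from the Go standard library as a stand-in for "a public key scheme"; the key seed, addresses, Message-ID and bodies are constructed, and the function names are mine. It signs the same header pair two ways, once as proposed (headers only) and once with the body covered, then checks each signature against a different body.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// canonical builds an unambiguous byte string from the fields being signed.
// Each field is length-prefixed so that "a"+"bc" and "ab"+"c" cannot collide.
func canonical(fields ...string) []byte {
	var out []byte
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(out, n[:]...)
		out = append(out, f...)
	}
	return out
}

// SignHeadersOnly is the scheme proposed in the thread: only the
// From: and Message-ID: pair is covered by the signature.
func SignHeadersOnly(priv ed25519.PrivateKey, from, msgID string) []byte {
	return ed25519.Sign(priv, canonical(from, msgID))
}

// VerifyHeadersOnly accepts a body parameter only to make the point
// explicit: the body is never looked at, so any body passes.
func VerifyHeadersOnly(pub ed25519.PublicKey, from, msgID, body string, sig []byte) bool {
	_ = body
	return ed25519.Verify(pub, canonical(from, msgID), sig)
}

// SignMessage also covers the message content, as the reply recommends.
func SignMessage(priv ed25519.PrivateKey, from, msgID, body string) []byte {
	return ed25519.Sign(priv, canonical(from, msgID, body))
}

// VerifyMessage recomputes the canonical form including the body, so a
// signature made over one body fails when attached to another.
func VerifyMessage(pub ed25519.PublicKey, from, msgID, body string, sig []byte) bool {
	return ed25519.Verify(pub, canonical(from, msgID, body), sig)
}

// ReplayDemo signs one legitimate message both ways, then tries to reuse
// each signature on a different ("worm") body with the same headers.
// It returns whether the headers-only replay verifies, whether the
// content-covering replay verifies, and whether the legitimate
// content-covering message still verifies.
func ReplayDemo() (headersOnlyReplayOK, contentReplayOK, legitOK bool) {
	// Constructed, fixed seed for a reproducible demo; not a real key.
	seed := make([]byte, ed25519.SeedSize)
	for i := range seed {
		seed[i] = byte(i)
	}
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)

	// Constructed sample values.
	from := "alice@example.com"
	msgID := "<20040101.0001@example.com>"
	legitBody := "Hi Bob, see you at the meeting."
	wormBody := "Please open the attached file."

	sigHdr := SignHeadersOnly(priv, from, msgID)
	sigMsg := SignMessage(priv, from, msgID, legitBody)

	headersOnlyReplayOK = VerifyHeadersOnly(pub, from, msgID, wormBody, sigHdr)
	contentReplayOK = VerifyMessage(pub, from, msgID, wormBody, sigMsg)
	legitOK = VerifyMessage(pub, from, msgID, legitBody, sigMsg)
	return
}

func main() {
	h, c, l := ReplayDemo()
	fmt.Printf("headers-only signature accepted over a different body: %v\n", h)
	fmt.Printf("content-covering signature accepted over a different body: %v\n", c)
	fmt.Printf("content-covering signature accepted over its own body:    %v\n", l)
}
```

The length-prefixed canonical form matters as much as covering the body: a verifier that simply concatenates header values before signing can be fooled by shifting bytes between fields, so the signed input must be unambiguous as well as complete. The example does not address the second point in the reply, that a compromised sender machine can sign whatever the worm asks; no header scheme fixes that.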