Does anybody not agree that designated sender is the best way to combat
RFC2821 MAIL FROM forgery? Show of hands please ...
Does anybody not agree that crypto is the best way to combat RFC2822
header From: forgery?
I think thats the wrong way to look at the issue. The cost of IP based
authentication is so low compared to other mechanisms that in this case
it is applicable in both cases.
So far apart from a handful of folk saying that they just have to send
their email from their laptop direct I don't see the cases that just
have to be done with cryptography.
I think that it would be reasonable to have a set of flags to say what
the match should be. I would like to prevent any VeriSign employee
from sending any email except through the verisign mail servers. That
way we can control in one single place, scan for viruses etc.
Phill