I think there are two worthwhile solutions that can be built on
authentication.

1) Authentication of valid use of domain name + Accreditation
2) Eliminate impersonation spam aka 'Joe Job' that deceives the
   _HUMAN_RECIPIENT_ as to the origin of the message by
   preventing unauthorized use of a domain name in RFC822 From
   header.

From the point of view of accreditation it simply does not matter
what part of the message you choose to authenticate, it can be HELO,
it can be 821 From, 822 From, Reply-to, even a received header. It
does not matter because the only use for the data is to determine
that the sender has a valid claim on the good reputation carried in
the accreditation.

If you do not do accreditation I see absolutely no value in
authenticating headers and protocol data values that are only ever
seen by machines.

From the point of view of providing value from this spec as a
stand-alone work I don't see that there is much value unless we
address issue (2). In that case we do quite a bit to mitigate
phishing attacks, even though some MUAs do not display actual
rfc822 addresses.

Either way any mail will have to be relayed through an IP address
that holds an authentication credential (i.e. its IP address is
listed).

I think the small number of geeks who set up their laptops to send
out mail direct from their hotel rooms can figure out the necessary
dynamic dns tweak to make it work. The rest of us will relay their
mail through a static server.

Phill
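
An added example, not part of the original message: a receiver-side check showing why authenticating only the 821 From leaves the address the human sees unprotected. The lookup table, domain names, addresses and function names are all constructed; the table stands in for whatever mechanism publishes a domain's list of authorised relay IPs.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for each domain's published list of authorised relays.
AUTHORISED_RELAYS = {
    "bank.example": ["192.0.2.0/28"],
    "bulk.example": ["198.51.100.25/32"],
}


def domain_of(address):
    """Return the lower-cased domain of a mail address, or None if absent."""
    addr = parseaddr(address)[1]
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def relay_is_listed(domain, relay_ip):
    """True if relay_ip falls inside a network listed for the domain."""
    ip = ipaddress.ip_address(relay_ip)
    nets = AUTHORISED_RELAYS.get(domain, [])
    return any(ip in ipaddress.ip_network(net) for net in nets)


def check_message(relay_ip, envelope_from, raw_message):
    """Evaluate the connecting IP against the 821 From and 822 From domains."""
    msg = message_from_string(raw_message)
    env_domain = domain_of(envelope_from)
    hdr_domain = domain_of(msg.get("From", ""))
    return {
        "821_from": env_domain is not None
        and relay_is_listed(env_domain, relay_ip),
        "822_from": hdr_domain is not None
        and relay_is_listed(hdr_domain, relay_ip),
    }


# Constructed sample: the envelope sender is a domain the relay is listed
# for, while the displayed From header names a different domain.
SAMPLE = (
    "From: Customer Service <service@bank.example>\n"
    "To: user@recipient.example\n"
    "Subject: Account notice\n"
    "\n"
    "Body text.\n"
)

if __name__ == "__main__":
    print(check_message("198.51.100.25", "bounce@bulk.example", SAMPLE))
```

The sample passes the 821 From check and fails the 822 From check, which is the case item (2) is meant to catch.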