ietf-mxcomp

Re: Intermediate MTA setting MAIL-From

2004-03-23 11:25:54

(At long last we've reached a matter of operational realities, rather than
discussion of what the various fields mean.)

> Who has authority to set the mailfrom?

The simple theory is that the original submitter sets the field. It may
subsequently be changed by list processors.

> If more than one entity has the authority, what is the relationship
> among them?

See above.

> If we validate that the field is authentic, what good is that?

The benefits are huge. In brief, if I, an email user, look at my inbox, I find
three sorts of messages in it that I don't want to see in there:

(1) Pure spam sent to me directly. A variety of filtering facilities can
    be brought to bear to reduce this to manageable levels.

(2) Pure virii sent to me directly. These also can be blocked.

(3) Joe-jobs sent using my address that end up bouncing to me in a variety
    of formats due to my address appearing in the original message's MAIL FROM
    field. Due to the large variety of formats used and the varying amount
    of information returned these are extraordinarily difficult to block
    without also blocking legitimate nondelivery notifications.

A widely deployed authorization system that checks MAIL FROM addresses stops
(3) in its tracks. It does this by preventing joe-jobbers from sending mail
using my address in the MAIL FROM field to other people. It is important to
note that my checking of the use of my own domain is mostly irrelevant; what
matters is that everyone else does it. (Actually, having a few large ISPs do it
would be of significant benefit.)

> What will be better?

The trash that's hardest to block is reduced.

> What will not be changed?

Someone can still forge mail purporting to be from me in the message header.

To the extent that spammers use stolen addresses in their mail, this measure
will provide some reduction for a short period in the amount of spam that is
sent. However, spammers will adapt and start using addresses in MAIL FROM
fields that are not protected. But doing this has the side effect of
eliminating (3). And remember, spammers don't really care about (3) - it's just
collateral damage their activities bring about.

Another factor to consider is the possibility this will lead to attacks on the
DNS. While this is always a possibility, I don't think it is a likely one. It
will always be much much easier to simply find and use an unprotected address
in the MAIL FROM than it will be to attack the DNS just to be able to use a
particular address.

                                Ned
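
The argument in the message above, as an added example that is not part of the original post: a small model of how receiver-side MAIL FROM authorization removes joe-job bounces, and why deployment by other receivers is what matters. The `AUTHORIZED` table is a hypothetical stand-in for whatever DNS-published record such a scheme would use, all domains and addresses are constructed, and the forger is assumed to connect directly to the receiving MTA.

```python
import ipaddress

# Constructed policy table standing in for DNS-published authorization records:
# domain -> networks permitted to use that domain in MAIL FROM.
AUTHORIZED = {"victim.example": [ipaddress.ip_network("192.0.2.0/24")]}

def mail_from_authorized(client_ip, mail_from):
    """True or False when the domain publishes a policy, None when it does not."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    networks = AUTHORIZED.get(domain)
    if networks is None:
        return None  # unprotected domain: nothing to check against
    return any(ipaddress.ip_address(client_ip) in net for net in networks)

def bounce_recipients(transactions, checking_receivers):
    """Addresses that get a non-delivery notice, tagged by whether the mail was forged."""
    bounces = []
    for t in transactions:
        checked = t["receiver"] in checking_receivers
        if checked and mail_from_authorized(t["client_ip"], t["mail_from"]) is False:
            continue  # refused in the SMTP session, so no bounce message is ever created
        if not t["deliverable"]:
            # Accepted, then undeliverable: the notice goes to the MAIL FROM address.
            bounces.append((t["mail_from"], t["forged"]))
    return bounces

# Constructed sample traffic (documentation addresses and .example names only).
FORGER, OWNER = "203.0.113.7", "192.0.2.10"
VICTIM, OTHER = "me@victim.example", "other@unprotected.example"
TRAFFIC = [
    dict(client_ip=FORGER, mail_from=VICTIM, receiver="isp-a.example", deliverable=False, forged=True),
    dict(client_ip=FORGER, mail_from=VICTIM, receiver="isp-b.example", deliverable=False, forged=True),
    dict(client_ip=OWNER, mail_from=VICTIM, receiver="isp-a.example", deliverable=False, forged=False),
    dict(client_ip=FORGER, mail_from=OTHER, receiver="isp-a.example", deliverable=False, forged=True),
]

def backscatter_to(address, checking_receivers):
    """Count bounces of forged mail that land on `address`."""
    hits = bounce_recipients(TRAFFIC, checking_receivers)
    return sum(1 for rcpt, forged in hits if rcpt == address and forged)

if __name__ == "__main__":
    for deployed in (set(), {"victim.example"}, {"isp-a.example"}, {"isp-a.example", "isp-b.example"}):
        print(sorted(deployed), backscatter_to(VICTIM, deployed), bounce_recipients(TRAFFIC, deployed))
```

With both receivers checking, the only bounce still reaching the protected address is the legitimate one, while the forged mail that switched to an unprotected MAIL FROM still produces a bounce for that other address.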