ned.freed> (At long least we've reached a matter of operational realities,
rather than discussion of what the various fields mean.)
Consensus on what the data we exchange "mean" is the only ground for
(inter) operational reality. But of course, "meaning" isn't an inherent
property of the data, often, it emerges in *use*. A piece of data can have
multiple (even contradictory) meanings in different contexts, for different
actors. This realisation can lead us to a valuable engineering insight - we
can specify an enabling mechanism which supports the different uses
(meanings) that may be made by various entities but needn't necessarily
(although we may) endorse, or deprecate, any particular use.
Whatever. The point I was trying to make is that there's a big difference
between discussing the intended use of various fields and discussing their
actual use and the implications of that usage. IMO in the present situation we
need to be focusing on the latter.
I find it clearer to think of the former in terms of "meaning" and the latter
in terms of "operational reality". But if you prefer to consider both of them
to be "meaning", albeit of different sorts, the more power to you.
But none of this brings us any closer to understanding why we should or should
not perform authorization checks based on the MAIL FROM address. So this will
be my last message on this subtopic.
Ned