There is a third way. The first way is for us to formulate some
prescriptive statement, endorsing "authentication" of one or more of these
"identities". The second way is a purely descriptive approach, describing
the outward MTA configuration for a domain (PHB, I think), and to be
agnostic on *use*.
A third way would allow a publisher to suggest (or even require) the
identities that the record should be applied to.
I think that's a little prohibitive, simply because of the complexity it
will add to implementations. At the moment, MTAs don't look at the
headers much if at all -- just the envelope. It would be nice to keep
things at that level, so that what's proposed is adoptable.
Ari