C) Its a postcard type site.
First I'm equating "postcard" with "Greeting card." If this is incorrect
please say so.
This is problematic because the postcard sites do not in
general authenticate the forwarding requests and so even
a legit site can end up being used to spam on a small scale.
The real problem with these scenarios is that we depend on
the party that
sets Sender to perform authentication checks on incomming mail.
Greeting card sites, "refer a friend" sites and the like can still be
accountable, at least for themselves if not for those who use the site. They
were hit by spammers really early in their existence (Blue Mountain Arts
appearing on the RBL, for instance) and have learned from their mistakes.
It might be a stretch to assume that such enterprises will wish to be
accountable, but it's a stretch I'm prepared to make to accept mail from
them. If they want to be held accountable they will do what they can to
prevent abuse of their system. Based on that, if they can use their own
identity in RFC2821 MAIL FROM or HELO or both, I won't mind if the RFC2822
From line is different. As was pointed out by many people myself included,
mailing lists do this already and many of us believe this behaviour is still
possible with a scheme developed here.
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>