The 3 model picture follows from what has been said
about 'use' and
'meaning'; that is, either prescribed by "authority", left to the
recipient, or hinted by the publisher. I would strongly
support the 3rd
way. I guess that I'm coming to where you are from a
different direction.
What I am saying is that the sender is not saying use a
particular type of authentication, the sender is saying
"This address is frequently the target of impersonation
attempts, if you have the capability to perform rfc822
From verification it is important that you do so and great
weight should be placed on any negative finding".
That is not a directive to apply a particular type of
auth, which the group is rightly seeing as an impractical
proposition. But the targets of phishing attacks really
need a means today of saying 'take the sender address really
seriously'. I suspect that this requirement will become
very much more widespread in the future.
Phill