My problem with all of these is that each identity in
question addresses
a different problem, and my question is whether this
mechanism, MARID,
is the right tool for solving these three problems. I.e.:
1. 2821 HELO/EHLO domain and in-addr.arpa
Goal: Seeks to provide protection against hijacked machines sending
viruses/spam
2. 2821 MAIL FROM.
Goal: Seeks to protects domains from getting bounces from joe-jobs
3. 2822 From:/2822 Sender:
Goal: Seeks to protect domains from joe-jobs and phishing
I am 100% with this, one change I would make is to avoid using
the term 'joe-job' and use 'impersonation spam' instead.
The other point I would raise is that identities (1) and (2)
are most appropriate as anchors for accreditations to be
processed by automated spam filters. It is not necessary
for everyone relaying mail through comcast.net to have an
accreditation for their individual domain, it is only
necessary to know the message comes from an ISP that
has a reasonably effective anti-spam policy.
There is much more that can be done with (3) beyond the
steps suggested, but in my view this would be best looked at
in the context of other authentication mechanisms such as
S/MIME.
Phill