"Alan" == Alan DeKok <aland(_at_)ox(_dot_)org> writes:
Alan> How can the recipient distinguish such mail from forged
Alan> spam?
Clearly the recipient cannot. In the case where the organization is
unable to implement a policy requiring users to use the corporate
MTAs, the organization will be unable to publish a useful MARID
record. Per-user policies help, since only certain users need be
exempted from the requirement to originate mail from specific IP
addresses. Forged spam from other or unknown users can then be
identified.
Alan> And even ignoring that, what percentage of roaming users
Alan> behave in such a way?
This would be interesting to know. Equally interesting would be to
know what percentage of organizations have a policy prohibiting their
users from behaving in this way. In the absence of such a policy, any
cautious adopter would have to assume that some of their users may
behave like this at times, and put new policies in place, allow time
for their users to adopt them, etc.
-roy