If you really want to trust that the contents of a email message was
authored by the person who claims to be the author, you need to use a
digital signature based authentication mechanism (e.g. S/MIME).
S/MIME isn't necessary to address this scenario, which does demonstrate
the basic flaw of any IP-based solution. Domain Keys would have stopped
it though.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer(_at_)ziffdavis(_dot_)com