Some observations about Sender-ID:
(1) It screws up forwarding, which is very popular at sites like mine.
(2) Although it appears to authenticate email addresses, it actually
authenticates domains (since the local part is ignored).
(3) Although it appears to authenticate domains, it actually authenticates
MTAs (since anyone authorized to use an MTA can send email "from" any
domain which uses that MTA).
The easiest way to fix a site to avoid complaints from users resulting
from Sender-ID rejections is to add before the usual Received: line at the
start of the message
Resent-Sender: mailer-daemon(_at_)outgoing(_dot_)mail(_dot_)relay
Of course outgoing.mail.relay is exactly what CSV authenticates.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
BERWICK ON TWEED TO WHITBY: WEST OR SOUTHWEST 2 OR 3 INCREASING 3 OR 4. FAIR.
GOOD. SLIGHT OR SMOOTH.