Replace "sent" with "accepted responsibility for", and MAIL FROM
checking is perfectly valid, if all parties agree.
How do you arrive at publishing an SPF record being tantamount to
accepting accountability for all actions of these authorized
entities?
When I jumped into this little game I did so with the goal of:
========================
RESTORING ACCOUNTABILITY
========================
There, just so it's clear what I'm thinking, in case it wasn't clear every
other time I've used the word "accountability" or "accountable" in an e-mail.
Yes, this means knowing who to point fingers at for mail abuse. It would
also mean fingering a domain administration who, wittingly or otherwise,
allows a compromised system to send abusive mail on its behalf (and,
hopefully, would correct that compromise somehow.)
I wasn't aware that this working group shifted from that goal. Has it?
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>