Speaking of validation, there is one interoperability issue the draft
doesn't mention: Mail address verification by SMTP callout. For
verification of envelope senders this works fine, but there are other
applications where a mail address needs to be verified:
It's certainly an issue. I thought I mentioned it.
As you've observed, some systems attempt to verify a 2822 address by
doing a fake bounce with a null sender, which BATV doesn't like.
There's a few MTAs which do this as a rather lame anti-spam technique,
notably a plugin to EXIM.
I noticed that a few details are missing or at least rather vague. OTOH,
maybe they don't need to be specified. The only scheme currently defined
is prvs, which can only be validated by the original sender.