Although I am reluctant to suggest
anything involving public key crypto, another approach would be to put a
public key in the MAIL-FROM DNS record and add a new header field containing a
signature covering the message's MAIL FROM and the current date.
that's an interesting idea. I don't see a big problem with doing something
like this as long as you don't try to make it a signature for the message -
it's just a way to say "I can prove that I have the right to use this
MAIL FROM". you might need to include more than just the date though.
Keith