I don't see these two as mutually exclusive. Do they have to be?
Of course not, except to the extent that optimizing for one breaks the
other. If the local MTA strips off all of the incoming A-R headers to
protect me from myself, I can't do the forensics.
Within the context of message authentication, the "trust boundary"
referenced in the draft doesn't have to be constrained to machines
bearing your domain name, although I would probably assert that that's
going to be the general case and thus some of the softer language in the
draft does make that assumption.
It really depends on context. I think my example of forwarders that are
known to be friendly but have less than fabulous filtering is a useful one
here. (It's certainly useful for me in the spam forensics I do right now.
Two of my forwarders are acm.org and ieee.org which I think are reasonable
candidates for adding A-R when it's defined.)
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html