I've been doing some research as part of the Designated-Sender-Scheme
unification project.
http://www.irtf.org/asrg/asrg_documents.htm collects a lot of useful
background in one place; if you're new to the list, you should review
it. Here are some tasty bits.
--
A PDF reviewing the pros and cons of various approaches may be found at:
http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf
It describes the MAIL FROM cookie and the Message-ID ideas.
--
http://www.ietf.org/rfc/rfc2505.txt
However, the MTA MAY throttle down the TCP connection ("read()"
frequency) if there are more than one "RCPT To:" and that way slow
down spammers using "MAIL From: <>".
SPF addresses forgery of the null sender address "<>" by reverting to
the HELO domain.
But there's another property of "<>": error messages should only ever go
to one account. Spammers always want to send to more than one account.
If a "<>" sender tries to mail to more than one recipient, we know
something's fishy. This is neither here nor there, just a useful
observation.
--
Tomorrow I present the new version of SPF at Foo Camp.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
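
The "<>" observation above, written as a check over SMTP logs. This is an added example, not part of the original post; it assumes a log holding only the client's SMTP commands (message bodies omitted), and the function names and sample session are constructed for illustration.

```python
import re

# Constructed sample: the client's SMTP commands from one session,
# message bodies omitted. Not taken from the original post.
SAMPLE_SESSION = """\
EHLO mail.example.net
MAIL FROM:<>
RCPT TO:<alice@example.org>
DATA
MAIL FROM:<> SIZE=2048
RCPT TO:<bob@example.org>
RCPT TO:<carol@example.org>
RCPT TO:<dave@example.org>
DATA
MAIL FROM:<list@example.net>
RCPT TO:<erin@example.org>
RCPT TO:<frank@example.org>
DATA
"""

MAIL_RE = re.compile(r"^MAIL\s+FROM:\s*<([^>]*)>", re.I)
RCPT_RE = re.compile(r"^RCPT\s+TO:\s*<([^>]*)>", re.I)
END_RE = re.compile(r"^(RSET|HELO|EHLO|DATA)\b", re.I)  # end a transaction

def transactions(commands):
    """Split a command stream into [sender, recipients] mail transactions."""
    txns, current = [], None
    for line in commands.splitlines():
        line = line.strip()
        mail = MAIL_RE.match(line)
        rcpt = RCPT_RE.match(line)
        if mail:
            current = [mail.group(1), []]
            txns.append(current)
        elif END_RE.match(line):
            current = None
        elif rcpt and current is not None:
            # Assumption: compare addresses case-insensitively to dedupe.
            current[1].append(rcpt.group(1).lower())
    return txns

def null_sender_multi_rcpt(commands):
    """Recipient lists of "<>" transactions naming more than one mailbox."""
    return [sorted(set(rcpts)) for sender, rcpts in transactions(commands)
            if sender == "" and len(set(rcpts)) > 1]

if __name__ == "__main__":
    for rcpts in null_sender_multi_rcpt(SAMPLE_SESSION):
        print("null sender, %d recipients: %s" % (len(rcpts), ", ".join(rcpts)))
```

Only the second transaction is reported: the single-recipient bounce and the multi-recipient message with a real sender both pass.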