I think a lot of people will be willing to sacrifice forwarding.
The fact is, not many people use it.
Why not redo the forwarding loop entirely with a complete authentication for
that hop?
At the moment we are identifying forwarded email as such and special case
processing.
How about adding in a feature of the form 'reject attempts to forward mail
to this account except from these sources', where the authentication
mechanism could be IP based (weak) or cookie based (pretty damn strong).
I'll fish out my ASRG proposal.
Phill
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki:
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡