In
<3(_dot_)0(_dot_)6(_dot_)32(_dot_)20040306104244(_dot_)009983e0(_at_)mail(_dot_)yellowhead(_dot_)com>
administrator(_at_)yellowhead(_dot_)com writes:
After examining Microsoft's CallerID proposal in more detail, it is my
opinion that any system which attempts to reject/return mail after the DATA
phase is inherantly flawed.
I won't go quite so far as to say that Caller-ID is inherantly flawed.
I think that we *MUST* validate the envelope-from so that bogus
bounces can be eliminated and that valid bounces have a much better
chance of being delivered. I think that we also *SHOULD* try hard to
validate the From: header using some other system, such as Caller-ID
or DomainKeys or something. I think the latter problem is much harder
in many ways, it may not ever be completely possible, and that a
validated envelope-from can play an important part in validating
the From: header.
So, I think both SPF and Caller-ID/DomainKeys are incomplete
solutions, but that SPF (or some designated sender system) is needed
first.
-wayne