It appears to me that this proposal requires a PTR record pointing to
something.mxout.example.com for each mail server authorised to send mail for
example.com. Suppose though that a mail server is an authorised server for
many domains, such as an ISP smarthost that is authorised to send for all of
the ISP's customers' domains. That would require multiple (possibly thousands)
of PTR records for that mail server, e.g.
*snip*
I just spotted this comment here and from what I understand, this may be beyond
the scope of mxout.
If a server is only designed to send mail from one domain, it can say so.
If a server sends mail from multiple domains, there are different responses to
the mxout record that can be returned.
At the highest level, 127.0.0.6 would mean that any hosts with a ptr of
something.mxout.ispdomain.tld are prevented from sending mail unless it goes
through that server. At the same time, the server is left open so that it can
still be used to send mail from domains other than ispdomain.tld.
So, whilst that would not provide protection against the ISP's users with their
own ptr, it does protect any recipient supporting mxout from any zombies
under ispdomain.tld.
With regard to your comment on multiple ptrs being required, I see your point,
which is why mxout is probably ineffective for anything other than hosts
running off ispdomain.tld and some other option should be layered to defend
against that.