Meng Weng Wong wrote:
Say, how would folks feel if we got rid of SRS and replaced it with a
less onerous workaround?
We don't have to get rid of SRS completely. We just have to do it already at
the sender (the domain that publishs the SPF record):
The sender signs a hash of the envelope sender (plus time stamp) by using a
private RSA key and in the SPF record publishs the pulic key needed to check
the signature. For example: "v=spf1 a mx ses:...public_key... -all" meaning
"all mail from us has a signed envelope sender and here is the method to
check it".
Roger