> > - nomadic users have valid reasons to post from random places on the net
> >   (including multiple ISPs) and keep the same mail from address.
>
> then, i'm sorry that i'm such a poor writer. i tried to cover this case:
>
>    3.3. Roaming hosts such as laptop computers will probably not be able to
>    be listed in the MAIL-FROM MX RR for their return address domain name,
>    and may be forced to use an intermediary for outbound e-mail. STARTTLS
>    or an SSL/SSH tunnel back "home" may become a necessary first hop for
>    mobile e-mail.
>
> > - many ISPs won't let you forward or submit mail through someone else's
> >   SMTP server, even if you have permission to do so. so you can't
> >   forward your mail through your "home" ISP's mail server to allow the
> >   "mail from" check to work.
>
> in that case you'd be wise to not insert a MAIL-FROM MX for your domain.

what this seems to require is to have different sets of domains for use
in MAIL FROM addresses - those for which source verification can be
expected and those for which it cannot. there are some current domains
which are naturally and exclusively in the former category - say
hotmail.com; but most domains are probably not exclusively in either
category. so it would require establishment of new domains and
reconfiguration of systems to use those domains to be effective - along
with the educational effort that this entails. and it would still leave
a significant portion of mail without a way to identify its source.

Keith