> From: Paul Vixie <paul@vix.com>

> ...
> i am reminded by this thread that the most powerful force on the internet
> continues to be a single voice saying that something cannot be done.

No, what you are seeing is something that has always been true on the
Internet. Anything that depends on the actions of third parties who
will not gain by it takes a long time. To hope for something to take
off, it must be worthwhile from the start. This proposal costs many
people and organizations now (new software) and forever (MX, .forward,
mailing list, and mobile hassles) and benefits no one for at least the
first year or so.

What's in it for the owners of the domains most commonly (not really)
"forged" into Mail_From values, the free mail providers? The main
effect for them is that they would both be forced to process more
out-going mail and see their user base reduced. Many users who now use
a free mail provider Mail_From value would either have to arrange to
send through the free mail provider or switch to a return address based
on an IP bandwidth provider.

What is the difference in the short and medium term between your
proposal and teaching your MTA to check that one of the A records for
the reverse DNS name of the SMTP client contains the IP address of the
client? A major difference is that you can install this check today
without waiting for anyone else to do anything. We all (well, some of
us) can name a raft of reasons why such checking is a bad idea in
general, but you could easily do it only for the domains you think might
eventually provide the new DNS RR and that have a significant (so
called) "forgery" problem, the free mail providers.

For that matter, why not simply blacklist any and all mail with From
values pointing at free providers? With a white list of your friends
who use free providers, that is an extremely effective spam filter.

Vernon Schryver    vjs@rhyolite.com
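
The check described in the message above (one of the A records for the SMTP client's reverse DNS name must contain the client's IP address, enforced only for selected Mail_From domains), sketched as an added example that is not part of the original message or of any MTA's code. The domain `freemail.example`, the function names and the sample DNS records are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumption: Mail_From domains for which the check is enforced (hypothetical).
CHECKED_DOMAINS = {"freemail.example"}

def system_ptr(ip):
    """Reverse DNS names for ip via the system resolver ([] on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    """Forward addresses for name via the system resolver ([] on failure)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except (OSError, UnicodeError):
        return []

def forward_confirmed(client_ip, ptr=system_ptr, addrs=system_addrs):
    """True if an address record of some reverse name equals client_ip."""
    want = ipaddress.ip_address(client_ip)
    for name in ptr(client_ip):
        for addr in addrs(name):
            try:
                if ipaddress.ip_address(addr) == want:
                    return True
            except ValueError:
                continue  # skip malformed answers
    return False

def check_mail_from(client_ip, mail_from, ptr=system_ptr, addrs=system_addrs):
    """Return 'accept' or 'reject' for one SMTP envelope."""
    domain = mail_from.strip("<> ").rpartition("@")[2].rstrip(".").lower()
    if domain not in CHECKED_DOMAINS:
        return "accept"  # other domains are not subject to the check
    return "accept" if forward_confirmed(client_ip, ptr, addrs) else "reject"

# Constructed DNS data and a wrapper that uses it, so the example runs offline.
SAMPLE_PTR = {"192.0.2.10": ["mx1.freemail.example"],
              "198.51.100.7": ["host.freemail.example"]}
SAMPLE_A = {"mx1.freemail.example": ["192.0.2.10", "192.0.2.11"],
            "host.freemail.example": ["192.0.2.99"]}

def sample_check(client_ip, mail_from):
    return check_mail_from(client_ip, mail_from,
        lambda ip: SAMPLE_PTR.get(ip, []), lambda n: SAMPLE_A.get(n, []))
```

Called without the `ptr` and `addrs` arguments, `check_mail_from` uses the system resolver; a client with no reverse DNS name at all fails the check for the listed domains.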