Brett Parker wrote:
Probably - as with SPF before it, it's not going to work long term... the correct solution (as it always has been) is to get rid of the complete muppets that send spam.
Many proposed anti-spam solutions fail on the "..but just because that's where it says the email is from doesn't mean that's where it was from" argument. Therefore a mechanism that allowed confidence in the sender details does have an anti-spam value (albeit not a simple "if it's there the message is OK").
Additionally, many people fall for phishing scams from natwest.com, hsbc.com, etc, and trojans sent from "trusted" domains like microsoft.com or symantec.com. Some key domains signing their emails would have a disproportionate benefit, imho. Yes I can think of many ways around this, but I don't buy the argument that we should stop chasing the spammers just because they'll keep running. I'm all for more "[getting] rid of the complete muppets that send spam" but no-one has come up with a good method for doing that as far as I can tell. For it to be a "solution" of any kind I think it needs a viable method to be presented, otherwise it's just an aspiration.