, Blue Ink wrote

@figuerres: that's unfortunately the way things are. And we are just digging ourselves in a deeper hole by using (and abusing) old protocols in all sort of devices.

Mitigation is all we can hope for at the moment; for instance, I wonder if it wouldn't be a good thing to allow SMTP servers to reject messages unless they originate directly from one of the IP addresses of the sender's domain (something that is specifically forbidden in the current RFC). That alone would make the whole header spoofing business irrelevant and it would improve the effectiveness of blacklisting.

 

as DC said there is sender id.  

  There is more that can be said but I do not want to hijack this thread.  if we want to go into spam and smtp issues start a new thread and I can say a whole lot about what's wrong and how it can be fixed  if anyone wants to have that talk.