authenticated "from" email address

[Kevin Shalla <kshalla () UIC EDU>]

Because most of my legitimate email is from people within my email domain,
I would like to be able to trust that email from users in my domain is
actually from the account in the "from" field.  If this were the case, I
would get less spam, viruses, and worms, because now I get many messages
with spoofed "from" addresses of internal users.  Since both "blacklist"
and "whitelist" strategies for dealing with spam require identifying the
sender, this spoofing hobbles those strategies.

Recently I heard about the SMTP Service Extension for Authentication
<http://www.ietf.org/rfc/rfc2554.txt>, and had high hopes for it, but I've
heard that once authenticated, the user is not restricted to sending
messages with the "from" address of that authenticated user.  Does anyone
know if there is any protocol (or anything in the works) for restricting
this way?

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.