1) Reverse DNS (IP address to name) is generally controlled by network admins at the ISP/Backbone level. 2) Putting in some additional record (suggestions?) for each IP address indicating that it is a mail server and should be directly sending mail would be relatively easy. 3) If a receiving mailserver saw this was a trusted mailserver IP it could assign more trust to message (by lowering the spam score).
I don't think this would solve everything, but I am sure it would help. It puts a second qualified party, who is accustomed to dealing with customers and ip, in the position of legitimizing ip addresses that should be mail servers.
Instead of putting control over which ip's are allowed to send mail in the hands of the administrator of a domain, how about putting it in the hands of the person who controls the ip's themselves. That is, the person who makes the reverse entries for the netblock in question. This could be in addition to SPF or any other check. The mail server could query something like smtp.1.2.3.4.in-addr.arpa and if it returned some preassigned value, it was a server that was expected to send mail. I don't know if this would work, but it would seem to generally put autorization of mail servers in the hands of the people responsibe for the network, which is possibly one step up from the domain user.
Slashdot Mirror
1) Reverse DNS (IP address to name) is generally controlled by network admins at the ISP/Backbone level.
2) Putting in some additional record (suggestions?) for each IP address indicating that it is a mail server and should be directly sending mail would be relatively easy.
3) If a receiving mailserver saw this was a trusted mailserver IP it could assign more trust to message (by lowering the spam score).
I don't think this would solve everything, but I am sure it would help. It puts a second qualified party, who is accustomed to dealing with customers and ip, in the position of legitimizing ip addresses that should be mail servers.
LLB
Instead of putting control over which ip's are allowed to send mail in the hands of the administrator of a domain, how about putting it in the hands of the person who controls the ip's themselves. That is, the person who makes the reverse entries for the netblock in question. This could be in addition to SPF or any other check. The mail server could query something like smtp.1.2.3.4.in-addr.arpa and if it returned some preassigned value, it was a server that was expected to send mail. I don't know if this would work, but it would seem to generally put autorization of mail servers in the hands of the people responsibe for the network, which is possibly one step up from the domain user.