* Bill Cole:
> Trusting the authenticity of email simply because it comes from a
> machine which uses a resolvable HELO in a particular domain is a naive
> approach unless you are *AT LEAST* using a DNS resolver that demands
> authenticated answers, i.e. requires DNSSEC [...]

Agreed, but I'd go one step further and call it dangerous instead of just naive. Anything short of a verifiable, cryptographic signature cannot be relied on when it comes to email authenticity. DNSSEC does not provide protection against rogue email being sent from an organisation's servers.

-Ralph
