You get an email delivered from 64.71.152.40 (last untrusted relay). You look up the DNS A record for that IP, and get mail.chaosreigns.com. Then you look up the DNS PTR record of 40.152.71.64.designatedsender.mail.chaosreigns.com, and if it's 127.0.0.1, it's a legit email sender and gets some negative SA score. Otherwise it's not, and gets some positive SA score (low at first until adoption spreads).
So it's not tied to the SMTP MAIL FROM or anything. Forwarding doesn't break. Eventually you reject all email from IPs without such records.

Obviously you'd need a blacklist of spammer domains that list spamming IPs as legit senders. Not an RHSBL / MAIL FROM blacklist, but a blacklist where, when the A record of a delivering IP is in a blacklisted domain, the mail gets rejected.

I am not at all attached to the format of the PTR record and would like suggestions. Is there any way this wouldn't be very useful?

-- 
"Of course there's strength in numbers. But there's strength in sharp weaponry too. Ironically, this lead to what we call 'civilization'." - spore
http://www.ChaosReigns.com
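
The lookup sequence described in the message above, as an added example that is not part of the original post: it resolves the relay IP to a host name, rejects on a blacklisted domain, then checks the `designatedsender` name for `127.0.0.1`. The score values, the blacklist contents, the `.example` hosts and the in-memory lookup tables standing in for DNS are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample DNS data (stands in for live lookups so this runs offline).
REVERSE = {"64.71.152.40": "mail.chaosreigns.com",
           "192.0.2.10": "mx.spammer.example",
           "192.0.2.20": "host.nopolicy.example"}
FORWARD = {"40.152.71.64.designatedsender.mail.chaosreigns.com": "127.0.0.1",
           "10.2.0.192.designatedsender.mx.spammer.example": "127.0.0.1"}
DOMAIN_BLACKLIST = {"spammer.example"}  # hypothetical list of abusing domains

# Assumed score values; the post only says "negative" and "low positive".
SCORE_DESIGNATED, SCORE_UNDESIGNATED, SCORE_BLACKLISTED = -1.0, 0.5, 100.0


def designated_sender_name(ip, host):
    """Build <reversed-octets>.designatedsender.<host> for an IPv4 relay."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".designatedsender." + host.rstrip(".").lower()


def in_blacklisted_domain(host, blacklist):
    """True if host equals, or is a subdomain of, any blacklisted domain."""
    labels = host.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))


def check_relay(ip, reverse_lookup=REVERSE.get, forward_lookup=FORWARD.get,
                blacklist=DOMAIN_BLACKLIST):
    """Return (verdict, score) for the last untrusted relay IP."""
    host = reverse_lookup(ip)                    # IP -> host name
    if not host:
        return ("undesignated", SCORE_UNDESIGNATED)
    # A domain that vouches for spamming IPs is rejected before its
    # designatedsender record is even consulted.
    if in_blacklisted_domain(host, blacklist):
        return ("blacklisted", SCORE_BLACKLISTED)
    answer = forward_lookup(designated_sender_name(ip, host))
    if answer == "127.0.0.1":
        return ("designated", SCORE_DESIGNATED)
    return ("undesignated", SCORE_UNDESIGNATED)
```

For live use, `reverse_lookup` and `forward_lookup` can be replaced by callables backed by a real resolver that return `None` on lookup failure.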