[Asrg] where the message originated

[John Levine]

>That's precisely the point.  I am not using my habitual mail client, nor 
>am I using my own familiar webmail service.  I am using a mail 
>kiosk-type service which allows me to enter a subject, my return 
>address, a to address, and the body of my mail.

Yeah, it's just one more way that the bad guys have screwed up mail
for everyone else.  The trickle of mail with random to and from
addresses coming out of a mail kiosk is pretty much indistinguishable
from a zombie, so it's not surprising that they have trouble getting
mail through.  Poorly conceived path authentication systems like SPF
don't help, since they encourage people to claim that their mail can
only come from their usual server.

Assuming DKIM gets traction, I can see that kiosk vendors will sign
all their mail  with the kiosk's domain which will, with luck, get
a good enough reputation that receivers will say, oh, that's KioskCo,
their mail is OK.  (This is an example, by the way, of the reason that
finer grain reputation is not always better.)

In the meantime, if you want to send mail while you're on the road,
you better either get a laptop with a MUA configured to relay through
home, or web mail.

> > If not, assuming you won't configure an email client, you should use 
>company's webmail server.
>
>That's not an option, and nor can I configure what e-mail server is 
>being used.

Too bad.  I think it would be clearer to say that whoever runs your
mail system doesn't consider the problem of sending mail on the road
to be serious enough to fix.

>In this case, however, the overly-broad-brush of poisoning ALL traffic 
>transiting an IP address just because it has sent "some" unwanted or 
>malicious mail can create a GREAT deal of serious collateral damage.

Quite true.  See comments above.

R's,
John