Subject: Authentication of e-mail
From: "Mark R. Ludwig" <Mark-Ludwig @ uai . com>
Date: Mon, 07 Mar 1994 11:18:28 -0800
To: firewalls @ greatcircle . com
In-reply-to: <199403071506 . HAA21333 @ mail . netcom . com> from "Nobody Special" on Mon, 07 Mar 1994 07:06:00 PST.

I once thought it was silly that e-mail is so easily forged.  Then
someone pointed out to me how easily one can forge _physical_ mail --
the kind delivered five or six days a week by someone working for a
(quasi-)government entity and wearing a uniform.

It is utterly futile to put any effort into trying to authenticate the
sender of RFC 821 mail.  It just doesn't make any sense, because there
is no basis in the underlying protocols to authenticate anything.  One
can improve on the current zero authentication of e-mail by using a
public-key encryption system.  How much it improves depends on your
point of view, as does whether it's worth all the trouble.  It all
operates way far above RFC 821 and friends.

What does it mean when you get mail from someone you don't know?  Why
do you care who _really_ sent it?  What would you do differently based
on the sender?

Did you notice that I didn't specify electronic or physical mail?

When you answer these questions, you might realize that it's rarely
important to know precisely who sent a piece of mail, physical or
electronic.  For those times when it really is important, you might
also realize that (at least today) you probably cannot complete the
transaction electronically anyway.
$$
INET: Mark-Ludwig @ UAI . COM         NIC: ML255        ICBM: USA; Lower Left Coast
      "You can't brew beer out of genetically-cultivated barley; they've
        bred the 'buzz' out of it.  I've tried."  -- UEO Chief Bickle

