>You can argue that envelope header forgery is irrelevant, and that corner >cases don't matter. But I think this latest incident provides a good >counterexample that it does matter. And it's easy to fix, so why not fix >it?
Why do you think that the envelope addresses in the spam bore any relation to the address in the From header? The from comments (the so-called friendly name) were randomized, and they came from compromised servers all over the world, so I'd expect the envelope addresses to be similarly random. SPF has some value for some heavily forged domains, but that's about it. R's, John
