On Sat, 15 Oct 2016 17:33:00 +0200
Petr Bena <email@example.com> wrote:
> What exactly were you trying to tell me?
I'm trying to tell you that unless we throw out SMTP, there is *no way*
to detect spoofed email. That's because SMTP allows for "legitimate"
spoofing (AKA mailing lists) which makes it impossible to figure out what
"illegitimate" spoofing is, in the general case.
I did mention that you can use local domain-specific knowledge to add
a measure of protection to your own inbound email, but that such
measures are not generally applicable.